AIARCOASC Docs

WAF & API protection

Managed rule sets + custom rules + OpenAPI-schema enforcement on every request.

What it is

Inspects every request against three layers: a managed rule set updated daily, your custom rules (boolean DSL over headers/body/geo/JA3), and — uniquely — schema enforcement against your OpenAPI spec (drop requests that don't match the declared shape).

When to use it

  • Block OWASP Top-10 with zero config.
  • Drop requests that don't match your API's OpenAPI schema (no more 'someone sent us 50KB of garbage').
  • Block by JA3 fingerprint, country, IP class.

Quickstart

asc shield waf rules import-openapi example.com ./openapi.yaml
asc shield waf rules add example.com --expression 'ja3.fp eq "abc..."' --action block
client.shield.waf.import_openapi('example.com', './openapi.yaml')
await client.shield.waf.importOpenapi('example.com', './openapi.yaml');

Limits & quotas

LimitDefaultBurstNotes
Custom rules1,000 (Business)5,000Enterprise
Schema-enforced endpointsUnlimited
Managed update cadenceDaily

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/shield/waf/rules
  • POST /v1/shield/waf/openapi/import

Required scope(s): shield.waf:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.