Enterprise-Grade Web Application Firewall

  • Custom security rules tailored to your organization’s security policy and use cases
  • 24/7 premium support and 99.999% uptime SLA
  • Level 1 PCI-certified Web Application Firewall
  • Managed and tuned 24/7 by Incapsula’s security experts
  • Trusted by the world’s most security-conscious enterprises and government agencies


Protection against OWASP Top 10 Threats

Incapsula’s Web Application Firewall protects against the most critical web application security risks, such as SQL injection, cross-site scripting, illegal resource access, remote file inclusion and other OWASP Top 10 threats. Security experts behind Incapsula's service ensure optimum protection against newly discovered vulnerabilities to prevent disruption to your application and improve website performance.

Protection against OWASP Top 10 Threats
IncapRules - Custom Web Application Security
Enterprise Feature

IncapRules - Custom Security Rules

Incapsula’s custom security rules allow you to enforce your organization’s security policy in an optimal manner within Incapsula’s Web Application Firewall. A simple-to-use GUI lets you configure tailored security rules to meet your business’ particular needs.

Each security rule can be configured specifically according to the customer’s blocking policy (block request, block IP, block session or alert only).

PCI Certification & Reporting

Incapsula’s Web Application Firewall is certified by the PCI Security Standards Council. It delivers cost-effective compliance with PCI DSS requirement 6.6 without any hardware or software installation and without changes to your web application.

Incapsula protects you from liabilities and non-compliance penalties, while protecting your customers' sensitive data from exposure on your site. The PCI compliance report audits security rules configuration changes and periodically reports on your compliance with PCI 6.6 requirements.

Web Application Firewall - PCI Certification & Reporting
Incapsula WAF - Crowdsourcing Security


Using crowdsourcing techniques, Incapsula's Web Application Firewall protects your websites and applications with collective knowledge about the current threat landscape. Threat information is aggregated across the entire Incapsula community using big data analytics. This data is used to identify new attacks as they happen and simultaneously apply mitigation rules to all websites protected by Incapsula.

Exception Handling and False Positive Tuning

The security policy can be fine-tuned to address specific URLs, fields, IP addresses and countries. Powerful access control capabilities enable you to define exceptions and minimize false-positives.

Incapsula WAF - Exception Handling and False Positive Tuning

Just a few of the thousands of organizations that trust us with their sites:

Why online businesses choose Incapsula's Web Application Firewall?

Enterprise-grade security

Incapsula’s unmatched security capabilities, customization options and reporting analytics are used by the world's most security-conscious businesses, such as financial institutions, government agencies and trading platforms.

Security as a service

Incapsula monitors and detects threats for thousands of websites, is subjected to hundreds of penetration tests and millions of attacks every day, and constantly updates the WAF with the latest threat vectors and vulnerability remediation.

Decades of experience

As a spin-off of Imperva, Incapsula’s WAF threat detection models leverage Imperva’s vast experience and best practices, gained over the past eight years of leading the WAF market.

Business Continuity

Dynamic profiling and application-aware technologies minimize false positives and protect against emerging threats.

Activated by simple DNS change

No hardware or software installation, integration or changes to the website.

Dedicated Security Research Team

Continuous monitoring and policy tuning by world-class security experts.