AntiDDoS/WAF for websites

Website WAF Protection

Place a Web Application Firewall in front of your website to filter bots, reduce HTTP Flood impact and keep the site reachable during Layer 7 attacks.

7-day money-back guarantee if you are not satisfied

1 website

Protect one primary domain for business sites, landing pages, WordPress or online stores.

SSL support

Enable SSL when DNS is pointed correctly and the website configuration is valid.

Request limit

Default 2,000 requests/10 seconds to reduce abnormal application-layer traffic.

Large bandwidth

The WAF plan includes 5,000 GB/month for stable access needs.

WAF package

AntiDDoS/WAF specs

Protect one website, suitable for business sites, landing pages, WordPress, online stores and public APIs.

AntiDDoS/WAF 1 Web 250,000 VND/month Order WAF

Rental period

1 months3 months6 months12 months24 months36 months
Websites
1 website
Price
250,000 VND/month
Request limit
2,000 requests/10 seconds
Bandwidth
5,000 GB/month
Activation DNS
Point A record to the assigned WAF IP
Default ports
HTTP 80, HTTPS 443
Filter requests before origin
Layer 7 WAF

Filter requests before origin

WAF receives HTTP/HTTPS traffic, separates clean requests from abnormal traffic, and forwards only valid traffic to the origin server. This helps protect login forms, APIs, checkout pages and admin areas.

HTTP/HTTPS filter

Block abnormal requests, bot flood and Layer 7 attack patterns.

Origin shield

Hide the origin server behind the WAF layer to reduce direct malicious traffic.

Request limiting

Keep traffic within a safe threshold so fake spikes do not exhaust the site.

HTTP/HTTPS

When does a website need WAF?

Many DDoS attacks imitate real users and continuously hit login pages, carts, APIs or product pages. WAF filters this traffic before it reaches the origin server.

HTTP Flood

Continuous requests against heavy pages, search endpoints or product pages.

Bot traffic

Crawlers, scanners, spam forms and repeated requests that waste resources.

Login/API abuse

Traffic targeting login forms, public APIs, webhooks or checkout pages.

When does a website need WAF?

E-commerce websites

Landing pages, WooCommerce, online stores and order pages.

Login forms and APIs

Protect login areas, public APIs, checkout, carts and admin panels.

Excessive bot crawling

Reduce repeated requests, HTTP Flood, bot scanning and abnormal website traffic.

No infrastructure move

Add protection in front of the current origin server without migrating the website.

DNS + WAF

How to order AntiDDoS/WAF

1

Prepare the domain before ordering

Point the domain A record to a WAF IP. If the website uses both root domain and www, point both records.

2

If using Cloudflare or DNS proxy

Temporarily disable proxy/CDN and keep the record DNS only during ordering so the system can verify the WAF IP correctly.

3

Fill in the order form

Enter only the domain, use the real origin server IP, and set HTTP Port to 80 and HTTPS Port to 443 unless your site uses custom ports.

Activation

Activation process

1. Point DNS

Update the domain A record to the assigned WAF IP.

2. Submit config

Enter domain, origin server IP, HTTP/HTTPS ports and SSL preference.

3. Verify access

VPSTTT checks DNS, origin connectivity and website response status.

4. Enable protection

WAF receives traffic, filters abnormal requests and forwards clean requests to the origin server.

Service selection guide

When should you choose Website WAF Anti-DDoS?

Website WAF Anti-DDoS should be selected by workload goal, user location, security needs and scaling path, not only by the lowest monthly price.

01 Protect the application layer

Best for ecommerce sites, ad landing pages, login portals, public APIs or systems facing abnormal Layer 7 requests.

02 Enable before traffic peaks

Enable WAF before campaigns, sale seasons, or after spam requests, bots, form scans and HTTP flood attempts.

03 Hide the origin server

Point DNS to WAF, confirm origin IP, HTTP/HTTPS ports and SSL so malicious requests are filtered first.

Quick comparison by situation

SituationWebsite WAF Anti-DDoSAlso consider
Login/checkout/API exposedWAF filters abnormal requests before the originNetwork firewall protects lower layers only
High-traffic campaignReduce bots, form spam, HTTP flood and downtime risksCDN helps but does not replace custom WAF rules
Hide origin IPDNS points to WAF and origin receives cleaner trafficSSL/port configuration must be correct first
FAQ

Website WAF FAQ

How is Website WAF different from Anti-DDoS Firewall?

Anti-DDoS Firewall protects broader network-layer and service traffic. Website WAF focuses on HTTP/HTTPS, bots, abnormal requests and Layer 7 attacks against websites.

How much does AntiDDoS/WAF 1 Web cost?

AntiDDoS/WAF 1 Web costs 250,000 VND/month and can be rented for 1, 3, 6, 12, 24 or 36 months.

What do I need before ordering?

Prepare your domain, real origin server IP, HTTP/HTTPS ports and point the A record to 160.30.156.9 or 160.30.156.10 before activation.

Does WAF support SSL?

Yes. SSL can be enabled when DNS is pointed correctly and the website information is valid. For complex setups, open a ticket for technical support.

7+ Years of Accompanying Stable and Growing Digital Infrastructure

Important numbers help customers feel more secure when choosing VPS, proxy, hosting, server and infrastructure services at VPSTTT.

7+

Experience deploying and operating digital infrastructure

50K+

Customers and partners have trusted the VPSTTT ecosystem

24/7

Technical support team throughout the usage process

99.9%

Stability targets for critical infrastructure services

10Gbps

High-speed network connection for multiple workload groups

Trusted by More than 50,000 Domestic and Foreign Customers and Partners

VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo
VPSTTT customer logo

Rate the Quality of VPSTTT Service From Customers

Actual feedback from customers operating websites, VPS, proxies, hosting and server systems with VPSTTT.

Google Reviews: 5/5 | 125 Reviews
Facebook Reviews: 4.9/5 | 62 Reviews

Growth Journey Built From Customers

Each project has its own problem: speeding up the website, separating the operating environment, expanding the campaign or standardizing the infrastructure. VPSTTT accompanies from configuration selection to post-deployment optimization.

See all
4.8/5Reviews · 209reviewsIn stock