1 website
Protect one primary domain for business sites, landing pages, WordPress or online stores.
AntiDDoS/WAF for websites
Website WAF Protection
Place a Web Application Firewall in front of your website to filter bots, reduce HTTP Flood impact and keep the site reachable during Layer 7 attacks.
SSL support
Enable SSL when DNS is pointed correctly and the website configuration is valid.
Request limit
Default 2,000 requests/10 seconds to reduce abnormal application-layer traffic.
Large bandwidth
The WAF plan includes 5,000 GB/month for stable access needs.
WAF package
AntiDDoS/WAF specs
Protect one website, suitable for business sites, landing pages, WordPress, online stores and public APIs.
AntiDDoS/WAF 1 Web 250,000 VND/month Order WAF
Rental period
1 months3 months6 months12 months24 months36 months
- Websites
- 1 website
- Price
- 250,000 VND/month
- Request limit
- 2,000 requests/10 seconds
- Bandwidth
- 5,000 GB/month
- Activation DNS
- Point A record to the assigned WAF IP
- Default ports
- HTTP 80, HTTPS 443
Layer 7 WAF
Filter requests before origin
WAF receives HTTP/HTTPS traffic, separates clean requests from abnormal traffic, and forwards only valid traffic to the origin server. This helps protect login forms, APIs, checkout pages and admin areas.
HTTP/HTTPS filter
Block abnormal requests, bot flood and Layer 7 attack patterns.
Origin shield
Hide the origin server behind the WAF layer to reduce direct malicious traffic.
Request limiting
Keep traffic within a safe threshold so fake spikes do not exhaust the site.
HTTP/HTTPS
When does a website need WAF?
Many DDoS attacks imitate real users and continuously hit login pages, carts, APIs or product pages. WAF filters this traffic before it reaches the origin server.
HTTP Flood
Continuous requests against heavy pages, search endpoints or product pages.
Bot traffic
Crawlers, scanners, spam forms and repeated requests that waste resources.
Login/API abuse
Traffic targeting login forms, public APIs, webhooks or checkout pages.
E-commerce websites
Landing pages, WooCommerce, online stores and order pages.
Login forms and APIs
Protect login areas, public APIs, checkout, carts and admin panels.
Excessive bot crawling
Reduce repeated requests, HTTP Flood, bot scanning and abnormal website traffic.
No infrastructure move
Add protection in front of the current origin server without migrating the website.
DNS + WAF
How to order AntiDDoS/WAF
Prepare the domain before ordering
Point the domain A record to a WAF IP. If the website uses both root domain and www, point both records.
If using Cloudflare or DNS proxy
Temporarily disable proxy/CDN and keep the record DNS only during ordering so the system can verify the WAF IP correctly.
Fill in the order form
Enter only the domain, use the real origin server IP, and set HTTP Port to 80 and HTTPS Port to 443 unless your site uses custom ports.
Activation
Activation process
1. Point DNS
Update the domain A record to the assigned WAF IP.
2. Submit config
Enter domain, origin server IP, HTTP/HTTPS ports and SSL preference.
3. Verify access
VPSTTT checks DNS, origin connectivity and website response status.
4. Enable protection
WAF receives traffic, filters abnormal requests and forwards clean requests to the origin server.
FAQ
Website WAF FAQ
How is Website WAF different from Firewall Anti DDoS?
Firewall Anti DDoS protects broader network-layer and service traffic. Website WAF focuses on HTTP/HTTPS, bots, abnormal requests and Layer 7 attacks against websites.
How much does AntiDDoS/WAF 1 Web cost?
AntiDDoS/WAF 1 Web costs 250,000 VND/month and can be rented for 1, 3, 6, 12, 24 or 36 months.
What do I need before ordering?
Prepare your domain, real origin server IP, HTTP/HTTPS ports and point the A record to 160.30.156.9 or 160.30.156.10 before activation.
Does WAF support SSL?
Yes. SSL can be enabled when DNS is pointed correctly and the website information is valid. For complex setups, open a ticket for technical support.
