Varnish WAF - Varnish Software

Varnish Web Application Firewall

The Varnish Web Application Firewall (WAF) lets you inspect your HTTP traffic and detect malicious requests at the edge before they reach your web application.

The Varnish WAF

Lets you set your own security rules, ModSecurity style. Implementing the Varnish WAF will help you prevent code injections, such as SQL injections as well as other potential attacks stemming from web application security flaws. The unique flexibility of VCL is what gives the Varnish WAF its power, allowing you to determine and control your own WAF security rules.

The Varnish WAF is currently in development and will be made generally available in Q3-2018.


  • Implemented as a VMOD and configurable in VCL, Varnish WAF gives you near-endless flexibility for setting and adjusting your own WAF security logic
  • Based on ModSecurity, which provides signature-based, real-time HTTP request and response analysis
  • Allows you to protect your origin not only from heavy traffic but also from malicious requests.

Who should use the Varnish WAF?

  • Organizations using legacy web applications that cannot be upgraded
  • Businesses using CMSes of all sizes and types, including the world’s most popular systems, such as WordPress, Joomla and Drupal
  • All security-aware organizations wanting the flexibility to set their own web application security rules.


Book a meeting

Curious to find out more about our solutions? Schedule a meeting with our sales department.


Talk to us

Estimate pricing

In the market for Varnish? Get a price estimate right away using our estimation tool.



Talk to a customer engineer

Varnish experts are on hand to answer your technical questions and help you find the solution you need.


Contact us

Request a free trial