F5 Distributed Cloud WAF
By F5
F5's SaaS/CDN-delivered WAF and API security service, managed as one policy set across multiple clouds rather than per-appliance. API discovery and lifecycle protection draw on technology from F5's 2024 acquisition of the API security startup Wib.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaS
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$$
Capability checklist
WAFHow F5 Distributed Cloud WAF measures up against the full WAF & API Security taxonomy.
- Attack signature blocking — supported
- Blocks OWASP Top 10 style attacks like SQL injection and XSS at the edge.
- API discovery — supported
- Automatically inventories known and shadow API endpoints from observed traffic.
- Schema validation — supported
- Enforces that requests match the declared API schema, blocking anything that doesn't.
- Bot management — supported
- Distinguishes automated and malicious bot traffic from legitimate users.
- Rate limiting — supported
- Throttles abusive request volumes per client or endpoint.
- Runtime API protection — supported
- Detects and blocks data leakage and abuse in live API traffic.
Alternatives
Other WAF & API Security tools with overlapping capabilities, sized for similar teams.