Official logo for Cloudbric Web Application Firewall

Cloudbric Web Application Firewall

by Cloudbric Corp.

Free Tier Available
3.5
WAFPlanet Rating

AI-powered cloud WAF from South Korea offering OWASP protection, DDoS mitigation, and SSL management with a focus on the APAC market.

Visit Website Documentation View Pricing
Company: Cloudbric Corp.
Pricing: Free tier; paid plans quoted by traffic volume
Founded: 2015

Overview

Cloudbric is a cloud-based, reverse-proxy web application firewall now positioned as a WAAP (Web Application and API Protection) platform. It is the cloud web-security brand of Penta Security, a Seoul-based Korean firm with two decades in web security. A patented logic-based engine and a deep-learning AI engine inspect traffic without relying on signatures alone.

This dual-engine design aims to catch novel attacks while keeping false positives low, and the service is fully managed. Beyond the core WAF, Cloudbric bundles Layer 3/4/7 DDoS mitigation up to roughly 40 Gbps, free SSL, and bot control in one subscription, backed by Penta Security's long web-security lineage.

Deployment is DNS-based with no agent or code change, so onboarding is fast. Strongest across APAC, Cloudbric markets more than 100,000 references in 114 countries, with a free tier for up to 4 GB of monthly traffic and paid plans quoted by traffic volume. It best fits APAC-focused, small to mid-size organizations wanting managed, AI-assisted protection.

Ratings Breakdown

Ease of Use 4.0/5
Value for Money 3.8/5
Customer Support 3.3/5
Features 3.4/5

Key Features

Deep Learning Detection

AI-powered threat detection using deep learning instead of pure signature matching.

DDoS Protection

Layer 3/4/7 DDoS mitigation included with WAF service.

Free SSL Management

Automatic SSL certificate provisioning and management.

Pros & Cons

Pros

  • Free tier available

    Basic WAF protection available at no cost for small sites.

  • AI-powered detection

    Deep learning engine reduces false positives compared to signature-only WAFs.

  • Easy setup

    DNS-based deployment with no server changes required.

Cons

  • Limited global presence

    Primarily focused on APAC market with fewer global PoPs.

  • Smaller ecosystem

    Less community support and third-party integrations than major vendors.

Pricing

Pricing model: Free tier; paid plans quoted by traffic volume

Free

Free

Full WAF+ feature set for up to 4 GB of monthly traffic

  • WAF protection
  • DDoS mitigation
  • Free SSL
  • 4 GB traffic/month

Paid

Custom pricing

Higher traffic volumes, quoted by bandwidth and per domain

  • Everything in Free
  • Higher monthly traffic
  • Custom rules
  • Priority support

Our Verdict

Cloudbric offers an accessible, AI-powered WAF with a generous free tier. It is particularly well-suited for APAC-focused deployments and small to mid-size websites.

Our verdict: A solid budget WAF with AI capabilities, best for APAC-focused smaller deployments.

CVE Coverage

Cloudbric Web Application Firewall can detect and block attacks matching 105K+ known CVEs based on its supported rule sets.

13K+
Critical
25K+
High
44K+
Medium
1.7K+
Low

Coverage by Attack Type

Cross-Site Scripting (XSS) High
45K+ CVEs
SQL Injection High
19K+ CVEs
Improper Input Validation Medium
12K+ CVEs
Path Traversal High
9.1K+ CVEs
Code Injection Medium
6.5K+ CVEs
OS Command Injection High
5.9K+ CVEs
Unrestricted File Upload Medium
4.1K+ CVEs
Command Injection High
3.6K+ CVEs
Open Redirect Medium
1.5K+ CVEs
XML External Entity (XXE) High
1.2K+ CVEs

Latest Blockable CVEs

CVE Severity
CVE-2026-49294 UNKNOWN
CVE-2026-20262 MEDIUM
CVE-2026-9863 UNKNOWN
CVE-2026-9862 UNKNOWN
CVE-2025-15659 UNKNOWN
CVE-2025-15658 UNKNOWN
CVE-2026-52704 UNKNOWN
CVE-2019-25746 HIGH
CVE-2018-25436 CRITICAL
CVE-2016-20084 HIGH
Browse all CVEs →

Frequently Asked Questions

Does Cloudbric work with WordPress and other CMS platforms?

Yes. Cloudbric WAF+ is deployed via a DNS change and sits in front of any web application regardless of stack, so WordPress, Shopify, and other CMS sites are protected without installing a plugin or agent. Because it is reverse-proxy based, there are no server-side modifications required.

Is there a free version of Cloudbric?

Yes. Cloudbric offers a free plan covering up to 4 GB of monthly traffic with the full WAF+ feature set, aimed at users new to WAF protection. For higher traffic you move to a paid plan quoted by bandwidth.

How is Cloudbric priced?

Cloudbric has a free plan for up to 4 GB of monthly traffic. Paid plans are quote-based, scaled by traffic volume rather than a fixed public tier list, so you contact Cloudbric for a quote. Older published rates such as a flat $29/month plan are no longer advertised.

How do I deploy Cloudbric, and does it require code changes?

Deployment is DNS-based: you point your domain's records to Cloudbric and traffic is filtered through its cloud before reaching your origin. There is no agent, appliance, or application code change involved, which makes onboarding fast for non-technical teams.

What makes Cloudbric different from signature-only WAFs?

Cloudbric pairs a patented logic-based detection engine with a deep-learning AI engine, aiming to catch novel attack patterns while keeping false positives low rather than relying purely on signatures. The service is fully managed and bundles DDoS mitigation, free SSL, and bot control, and it is backed by Penta Security's two decades of web-security experience.

Ready to try Cloudbric Web Application Firewall?

Start with the free tier and upgrade as you grow.

Visit Website View Pricing