WAF Qrator


Please note that any website can be subject to DDoS attacks and hacking.

If you host your website (application) infrastructure in Selectel, then we recommend enabling WAF Qrator protection against hacking.

To protect yourself against hacking, you first need to protect the website at the network level, and then protect the application — for this, Qrator protection (from both L3 and L7) and WAF Qrator are enabled.

Learn more about the protection provided by Qrator in the instructions.

WAF detects and blocks attacks from the OWASP Top 10 threat list:

  • injection;
  • broken authentication and session management;
  • cross-site scripting (XSS);
  • insecure direct XML objects and external entities references (XXE);
  • security misconfiguration;
  • broken access control;
  • cross-site request forgery (CSRF);
  • insecure deserialization;
  • using components with known vulnerabilities;
  • unvalidated redirects and forwards;
  • insufficient logging and monitoring.

WAF Qrator Technical Specifications

An integrated Qrator Labs WAF solution based on SolidWall WAF is a tool that allows you to fix vulnerabilities in web applications. Representing a wider WAF NG class, this solution uses a positive model to protect web applications — but unlike others, it contains a negative query analysis model. This combined approach allows you to significantly reduce resources for implementation. This is because any positive model needs to be trained, and this requires significant time and labor costs and takes on average from 1 to 3 weeks, during which this web resource remains actually unprotected. An integrated Qrator Labs solution, combined with SolidWall WAF with a negative model inside, allows you to immediately cut off a wide class of vulnerabilities.


Prices for WAF Qrator can be found in the Control panel.

The service is provided according to the following tariffs:

  • Elementary WAF
  • Advisory WAF

The billing period is considered to be a calendar month. The subscription fee is charged in full on the first day of each month. The service commencement date is agreed upon individually.

Traffic bandwidth is measured every three minutes. The 30 maximum values per month (1.5 hours) are not taken into account. The 31st maximum value is the desired bandwidth.

Please note that the amount of legitimate traffic included in the package of the provided service is 3 Mbps. If the included amount of legitimate traffic is exceeded, additional traffic is paid for separately under the pay-as-you-go model.

Enabling the Service

Follow these steps to enable WAF Qrator in the Control panel:

  1. Go to the Network Services section and open the Anti DDoS tab.
  2. Click Order services.
  3. In the list that opens, select the required service according to the selected tariff and click Pay.
  4. Specify the payment period in the new window.
  5. Click Pay for Service.

Service Usage

To access your Qrator account, enter your login and password provided in the ticket.

From your account, you can track:

  • monitoring dashboards;
  • displayed security events with the ability to group;
  • displayed log of blocked transactions.

When selecting the Advisory tariff in your account, you can enable/disable protection tool and false-positives protection.

Disabling the Service

To disable the service, create a ticket.

The amount of the subscription fee is fixed and doesn’t depend on the term of the provision of the services in a specific billing period.

Please note that you will receive a notification in the ticket 30 calendar days before the service is disabled. By agreement, the service can be disabled from the first day of the next calendar month. The subscription fee for the current period is not refundable.