Cloudflare-Powered Security Platform

Protect every domain.
Block every threat.

Enterprise-grade DDoS protection, Web Application Firewall, and bot management — powered by Cloudflare's global network with intelligent Layer 7 protection on top.

Start Free TrialTalk to Sales
300+
Cloudflare PoPs
<50ms
Proxy Overhead
4-Stage
Challenge System
CloShield Dashboard
Total requests today2.4M
Threats blocked12,847
Bot challenges issued3,291
Bandwidth today4.2 GB
Active domains8
Firewall rules matched1,024

Built on battle-tested infrastructure

☁️ Cloudflare
🔷 Go
🐘 PostgreSQL
Redis
🐳 Docker
🟢 Node.js
Next.js

Architecture

Two layers of protection, working together

Every domain runs behind Cloudflare's free tier for L3/L4 DDoS absorption and global CDN. CloShield adds the intelligent L7 layer that Cloudflare's free plan doesn't provide.

Client
Browser / API
Cloudflare
L3/L4 DDoS, CDN, SSL
CloShield
L7 WAF, Challenges, Rate Limit
Origin
Clean traffic only

Getting started

Protected in three simple steps

Get your website behind CloShield's protection layer in minutes, not days.

1

Add your domain

Enter your domain name and backend origin IP. CloShield creates the necessary DNS records and Cloudflare proxy configuration automatically via the Cloudflare API.

2

Point DNS through Cloudflare

Update your domain's nameservers to Cloudflare (free plan). CloShield verifies the DNS propagation and activates the proxy once detected.

3

Protection goes live

Traffic starts flowing through Cloudflare → CloShield → your origin. DDoS protection, rate limiting, bot detection, and WAF rules activate instantly with zero configuration.

PROTECTION

Four-stage adaptive challenge system

CloShield doesn't just block traffic — it thinks. When traffic pressure increases, the system automatically escalates through four challenge stages: transparent cookie verification, JavaScript proof-of-work, image CAPTCHA, and hard block. When pressure drops, it de-escalates just as smoothly. Legitimate visitors never see a challenge page.

Cookie verification (zero friction)
JavaScript proof-of-work
Image CAPTCHA escalation
Automatic de-escalation
Challenge Escalation Flow
Stage 1Cookie Verificationtransparent
Stage 2JS Proof-of-Work~2s solve
Stage 3Image CAPTCHAinteractive
Stage 4Hard Block403 response
↕ Auto-escalation based on traffic pressure per domain
FIREWALL

gofilter: write rules that match your threat model

CloShield's rule engine uses gofilter — a human-readable expression syntax that lets you match on any request attribute. Combine IP ranges, country codes, ASNs, URL paths, HTTP methods, headers, user agents, query parameters, and even TLS fingerprints into precise rules. Set actions per rule: allow, block, challenge, or increase suspicion score.

IP, CIDR, country, ASN matching
Path, method, header, UA targeting
TLS/JA3 fingerprint rules
Suspicion score actions
gofilter rules
# Block access to admin path from specific country
ip.country eq "CN" and http.path contains "/admin"
→ action: 4 (block)
# Escalate bots with unknown TLS fingerprint
ip.bot ne "" and ip.fingerprint eq "unknown"
→ action: +2 (escalate)
# Whitelist internal monitoring
ip.src eq 10.0.0.1
→ action: 0 (allow)
ANALYTICS

Per-request visibility with live traffic feed

Every request that flows through CloShield is logged with full context: source IP, geolocation, ASN, user agent, matched rule ID, and action taken. The live traffic feed updates in real-time with auto-refresh. Filter by status, country, IP, or rule match. Export traffic logs for forensic analysis and compliance.

Live auto-refreshing traffic feed
IP, country, ASN, and rule-match data
Bandwidth tracking per request
Exportable logs for compliance
Live Traffic Feed
14:23:01103.21.x.xIN/api/loginALLOWED
14:23:0145.134.x.xRU/wp-adminBLOCKED
14:23:02192.168.x.xUS/checkoutALLOWED
14:23:0289.248.x.xNL/xmlrpc.phpCHALLENGED
14:23:0323.94.x.xUS/.envBLOCKED

Why CloShield

What changes when you switch

Without CloShield

Separate vendors for WAF, CDN, and DDoS
Cloudflare free plan has no L7 WAF rules
No bot management without enterprise pricing
Manual DNS and certificate management
Hours of configuration per domain
No real-time per-request visibility

With CloShield

Single platform: WAF + DDoS + bot management
Full L7 protection on Cloudflare free tier
Adaptive challenges with near-zero false positives
Automated DNS via Cloudflare API
3-minute setup with guided onboarding
Live traffic feed with per-request drill-down

Use cases

Built for every industry that depends on uptime

From hosting providers to e-commerce — CloShield adapts to your specific protection needs.

🏢

Hosting Providers

Offer DDoS protection as a value-add to your hosting plans. WHMCS webhook integration automates billing and domain provisioning. Manage hundreds of customer domains from a single admin panel.

🛒

E-commerce Sites

Protect checkout flows from credential stuffing and bot attacks. Rate limiting prevents inventory scraping. The adaptive challenge system keeps real shoppers browsing while blocking automated threats.

🏛️

SaaS Applications

Shield your API endpoints and customer dashboards. Custom gofilter rules let you build security logic that matches your application's specific threat model. Multi-backend routing enables zero-downtime deployments.

📰

Media & Publishing

Handle viral traffic spikes without going offline. CloShield's rate limiting keeps scrapers and bots at bay while real readers pass through transparently. Per-request logging helps with content analytics.

4-StageAdaptive challenge system
AES-256Encryption at rest
<50msProxy overhead
300+Cloudflare edge locations

Pricing

Simple, transparent pricing

No bandwidth charges. No hidden fees. Choose based on the number of domains you need to protect.

 
 
 
 
 
 
View full comparison →

Ready to secure your infrastructure?

Start your free trial — add your first domain and have enterprise-grade protection live in under 5 minutes. No credit card required.

Start Free TrialContact Sales