Implement your own protections with custom rules, managed rulesets, and Vercel BotID, all from a single firewall dashboard with live traffic insights.
DDoS Protection
Protect uptime and control infrastructure cost by filtering high-volume request floods.
Web Application Firewall
Apply custom rules to implement business logic and stop credential stuffing, malformed requests, and vulnerable routes.
Bot Protection
Catch non-browser agents, spoofed headers, and simple replay attacks.
Automatically mitigate Layer 3, DDoS, and other high-volume attacks before they reach your applications.
Use the WAF's UI or API to define custom business logic and precisely control traffic.
Mitigate the most critical risks, like OWASP Top 10, using predefined advanced rulesets.
Browser checks help ensure that only legitimate users can access your application during an attack.
The bots.fyi directory is a public list of verified bots maintained by Vercel. It’s continuously updated to reflect new services, helping you stay informed and make better decisions about which automated traffic to allow.
Stop attacks before they reach your app and critical endpoints.
Vercel Firewall filters billions of requests per week across TCP and HTTP layers by default.
Blocks L3/L4 and L7 DDoS attacks in real time across the entire platform.
Basic or deep Kasada-powered analysis, easily configurable.
Identify and block headless browsers, scripts, and automation tools.
Optionally block known AI scrapers and model trainers with one toggle.
Challenges suspicious sessions or validates traffic invisibly with Vercel BotID.
Firewall is active
All systems normal
50k
40k
30k
20k
10k
0k
Log request starting with /
Challenge user agents that look like bots
Deny traffic from Germany
