Frequently Asked Questions
It depends on what you are protecting and at what scale. If you are an individual business or e-commerce operator looking to protect a single domain or a handful of websites, our standard plans offer full L3/L4/L7 protection and WAF out of the box — with a free 15-day Advanced trial so you can evaluate before committing.
If you are a hosting provider, MSP, or telco looking to protect your own infrastructure and resell protection to your customers, our partner programme is the right starting point — it includes white-label capabilities, multi-tenant management, and a dedicated partner success team.
For national carriers, critical infrastructure operators, and large enterprises with specific requirements around on-net hardware deployment, BGP peering, or dedicated scrubbing capacity, we offer bespoke configurations designed around your network architecture.
When in doubt, speak to our team — we will assess your setup and recommend the right fit, not the most expensive option.
For most customers, protection is live within hours. Activation requires a single DNS record change — either a CNAME or A record update — with no hardware procurement, no code changes, and no downtime to your existing services.
Once DNS propagates, WEDOS Protection begins analysing your traffic immediately. Our engineers handle the full initial configuration, including baseline traffic profiling, WAF rule tuning, and GeoIP setup tailored to your traffic patterns. For WordPress and WooCommerce sites, a native plugin makes the process even faster.
For larger deployments — hosting partners, telcos, or enterprise customers with complex multi-domain environments — our onboarding team manages the full rollout end to end, including BGP integration where applicable.
No — and this is by design. WEDOS Protection is built on a global anycast network with 100+ points of presence, meaning traffic is routed to the nearest scrubbing node rather than being redirected to a distant data centre. The added latency is negligible for legitimate users.
For e-commerce and payment-sensitive environments specifically, our architecture is designed to avoid introducing delays that could interfere with checkout flows, 3DS redirects, or payment processor webhook timing.
All traffic processing, scrubbing, logging, and management takes place on infrastructure physically located within the European Union, owned and operated by WEDOS. No data is routed through or stored on third-party cloud infrastructure, and no component of the platform is subject to foreign legal jurisdiction.
Where Layer 7 inspection requires temporary decryption of TLS traffic, this occurs exclusively on dedicated hardware within certified EU data centres. Decrypted content is never stored — inspection happens in memory, traffic is re-encrypted, and clean requests are forwarded to your origin server. Your data remains yours, under EU law, at all times.
Yes. WEDOS Protection is architected for compliance from the ground up — not retrofitted to meet regulatory requirements.
For GDPR, the key assurance is data localisation: all processing happens within the EU, under EU jurisdiction, with no third-party data sharing. For NIS2, the platform provides the continuous monitoring, audit-grade event logging, SIEM integration, and incident documentation that essential and important entities are required to maintain. We also provide ready-to-use compliance documentation packages for customers who need to demonstrate their security posture to regulators or auditors. WEDOS Protection is ISO 27001 certified.
WEDOS Protection covers the full attack spectrum across all three network layers:
Network & transport (L3/L4): SYN floods, UDP floods, ICMP floods, DNS amplification, NTP amplification, SNMP reflection, and other volumetric and protocol-based attacks.
Application layer (L7): HTTP floods, Slowloris, RUDY, SQL injection, cross-site scripting (XSS), credential stuffing, and zero-day application-layer patterns — detected via AI-driven behavioural analysis, JA4 TLS fingerprinting, and OWASP ruleset enforcement.
Bot and automated threats: Malicious crawlers, price scrapers, inventory bots, fake account creation, and account takeover attempts — identified through real-time behavioural anomaly detection and blocked without impacting legitimate users.
Yes — and this is one of the areas where WEDOS Protection differs from generic WAF and DDoS solutions. Rules are configurable at the domain, subdomain, endpoint, and API level. You can define custom conditions combining IP reputation, GeoIP, rate metrics, JA4 fingerprints, UserAgent strings, ASN classification, and behavioural signals.
WAF paranoia levels can be adjusted per environment — lower sensitivity for high-traffic public-facing pages where false positives are costly, higher sensitivity for admin panels, payment endpoints, or APIs where precision matters more than throughput. Rule changes propagate across the global anycast network in real time.
Three reasons that matter operationally, not just commercially.
First, infrastructure ownership. WEDOS does not resell another provider’s capacity. Our anycast network, scrubbing logic, WAF, and management platform are built and operated by us — end to end. That means no upstream SLA to hide behind, no third-party dependency, and full accountability to you.
Second, European sovereignty. Cloudflare and Akamai are US-headquartered platforms subject to US law. For organisations serving regulated industries, government customers, or EU citizens, routing security-sensitive traffic through a foreign-jurisdiction platform is a compliance and risk exposure that is increasingly difficult to justify — especially under NIS2. WEDOS is European infrastructure, legally and operationally.
Third, operational credibility. WEDOS started as an infrastructure operator — we built DDoS protection to defend our own network of hundreds of thousands of domains before offering it to anyone else. We are not a security vendor that built a network. We are a network operator that built security. That distinction is reflected in every architectural decision the platform makes.
Yes. WEDOS Protection’s partner programme is designed for hosting providers, MSPs, and telecoms operators who want to offer DDoS protection under their own brand to their customers.
Partners get access to a white-label platform with full multi-tenant management, their own branded customer-facing interface, flexible revenue share and resale margin structures, co-marketing support, and a dedicated partner success team. There are no upfront capacity commitments — your costs scale with your resale volume.
For telcos and carriers, on-net PoP hardware deployment is also available, bringing WEDOS scrubbing capacity physically inside your datacenter and enabling the highest-performance, most sovereignty-compliant configuration possible.
The moment an attack begins, WEDOS Protection responds automatically — no action is required on your part for standard attack signatures. Mitigation triggers at the network edge, traffic scrubbing activates, and your services continue operating.
For active incidents, your Grafana real-time dashboard gives you full visibility into traffic volume, attack classification, and filtering decisions as they happen. If you need human support during an attack, our 24/7 NOC is available with direct escalation to senior engineers — not a first-line helpdesk. Government, critical infrastructure, and enterprise customers on VIP plans have a dedicated escalation path with guaranteed response times defined in their SLA.
For complex or prolonged attacks, our security engineers can perform live rule tuning, activate emergency GeoIP restrictions, and escalate WAF paranoia levels in real time — minimising the window between attack onset and full mitigation.
Have a question not covered here? Speak to our team.