Sold by: Penta Security
Deployed on AWS
Vendor Insights
Cloudbric Managed Rules for AWS WAF - Tor IP Protection provides security against Anonymous IP traffic, specifically originating from Tor network, which can be difficult to detect using an ordinary IP Risk Index.
4.1
Overview
Cloudbric Managed Rules for AWS WAF - Tor IP Protection was created to protect the websites and web applications against the threats from Anonymous IPs, specifically IPs from Tor network.
Tor IP Protection utilizes a list of malicious Tor IPs, managed and updated regularly by Cloudbric Labs, to detect and respond to IPs originating from Tor Browsers. These IPs can be difficult to detect using an ordinary IP Risk index because the traffic originating from Tor Browsers stays anonymous by relaying through 3 random servers (relays).
Cloudbric Managed Rules for AWS WAF is created based on the security technologies and expertise of WAPPLES which has protected the web services for enterprises since 2005 and has recently been validated by a third-party testing firm to have a top-tier detection rate. Cloudbric Managed Rules for AWS WAF utilizes Penta Security's own Cyber Threat intelligence (CTI), Cloudbric Labs, to provide a safer online environment.
Interested in trying out the product before committing? Click the 'Request Private Offer' button to contact us. We offer a 14-day free trial so you can explore the product firsthand. Please note that after the free trial period, the private offer will automatically convert to a regular subscription at the standard rate.
Having difficulties managing the rules for your AWS WAF? Cloudbric WAF Managed Service (WMS) provides you with accurate information about the threats and vulnerabilities on your web application in real time, easy-to-use management system and dedicated console, and rule optimization from our security experts so that you can implement a security level best fit for your AWS WAF even if you do not have an expert security knowledge.
AWS Marketplace: https://aws.amazon.com/marketplace/pp/prodview-r4opjncghemnc Cloudbric Website: https://www.cloudbric.com/cloudbric-wms/
Highlights
- Provides web security against the malicious Tor IP traffic.
- Top-tier detection rate validated by a third-party testing firm.
- Regularly managed and updated by Cloudbric Labs.
Details
Sold by
Categories
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
PCIDSS
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $20.00 |
Charge per million requests in each available region | $0.20 |
Vendor refund policy
Non-Refundable
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
For product-related all inquiries, please contact : awsmkp@pentasecurity.com .
If you are a buyer based in Japan, and need to request a TQI, please contact: jp-sales@pentasecurity.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Penta Security
By Cyber Security Cloud
Top
100
In Media & Entertainment
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Tor Network Traffic Detection
Detects and responds to IP addresses originating from Tor Browsers by utilizing a managed list of malicious Tor IPs that relay through multiple random servers.
Threat Intelligence Integration
Utilizes Penta Security's Cyber Threat Intelligence (CTI) from Cloudbric Labs to provide threat detection capabilities.
Anonymous IP Protection
Provides security against Anonymous IP traffic that is difficult to detect using standard IP Risk Index methods.
Regular Rule Updates
Maintains regularly updated and managed rules for detecting malicious traffic patterns.
AWS WAF Integration
Integrates with AWS WAF as managed rules for web application firewall protection.
OWASP Top 10 Attack Protection
Provides protection against web attacks including SQL injection, cross-site scripting (XSS), command injection, NoSQL injection, path traversal, and predictable resource exploitation.
Managed Rule Updates
Rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without requiring manual intervention.
AWS WAF Integration
Rules can be attached to AWS WAF instances for immediate deployment and protection enhancement.
Automated Threat Detection
Utilizes security expertise to identify and mitigate vulnerabilities that are part of the OWASP Top 10 attack vectors.
Pay-as-You-Go Licensing Model
Rules are licensed on a consumption-based pricing structure where usage determines costs.
Threat Intelligence Integration
Rulesets regularly updated with latest threat alerts using Cyber Threat Intelligence
OWASP Top 10 Coverage
Comprehensive protection against all OWASP Top 10 Web Application Threats
Code Injection Prevention
Managed rules targeting code injection techniques including SQLi, NoSQLi, and OS command injection
Technology-Specific Vulnerability Protection
Dedicated rules for known exploits in Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
Malicious Bot Detection
Malicious Bots rulesets included for bot-based threat mitigation
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
No security profile
Standard contract
No
No
No
Customer reviews
Mario Rodríguez Hernández
Managed rules have streamlined deployments and have improved security for internet-facing apps
Reviewed on Jun 18, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Cloudbric Managed Rules for AWS WAF is to associate it with CloudFront distributions, API Gateway, and application load balancers in the different applications that I deploy on AWS .
A specific example of how I integrate Cloudbric Managed Rules for AWS WAF in my applications is that I have associated it with an application that is exposed to the internet, both in API Gateway and in CloudFront, where it provides me with very high security and I do not have to get directly involved in managing the WAF rules, since they are already managed for me by this solution.
What is most valuable?
I consider the best features offered by Cloudbric Managed Rules for AWS WAF to be ease of use.
Regarding ease of use, I find it especially simple and intuitive when working with this solution because since it is a Marketplace product, I just purchase it and it already appears as an option within WAF, and those rules are provided to me and I do not have to do anything else; I do not have anything to manage or create.
Cloudbric Managed Rules for AWS WAF has positively impacted my organization by improving both security and efficiency when deploying these services without having to manage or create those WAF rules myself.
It has improved efficiency in deployments because I do not need a specific security profile; instead, once I purchase the product, I link those rules to the different CloudFront and ALB and API Gateway, as I mentioned before, and I do not worry about it anymore. I need fewer staff on projects.
What needs improvement?
I would like Cloudbric Managed Rules for AWS WAF to continue being improved.
For how long have I used the solution?
I have been using Cloudbric Managed Rules for AWS WAF for one year.
What do I think about the stability of the solution?
I consider Cloudbric Managed Rules for AWS WAF to be stable.
What do I think about the scalability of the solution?
I find the scalability of Cloudbric Managed Rules for AWS WAF adapts to the growth of my needs.
How are customer service and support?
My experience with the customer support of Cloudbric Managed Rules for AWS WAF has been positive; I have not had to use it.
Which solution did I use previously and why did I switch?
I used the native AWS ones before Cloudbric Managed Rules for AWS WAF and decided to switch because these were more secure.
I used Amazon's native managed rules and I moved to Cloudbric Managed Rules for AWS WAF because in forums and from various specialists they indicated that these were of higher quality and provided greater security for applications.
How was the initial setup?
I purchased Cloudbric Managed Rules for AWS WAF through the AWS Marketplace .
What was our ROI?
I have seen a return on investment with this solution, particularly in terms of staff reduction.
Since I started using this tool, I estimate that I need one fewer person per project.
What's my experience with pricing, setup cost, and licensing?
My experience with the price, implementation costs, and licensing of this tool was that I did not have any noteworthy problems; everything went smoothly.
Which other solutions did I evaluate?
Before choosing Cloudbric Managed Rules for AWS WAF, I evaluated other options such as the managed rules from Fortinet and I chose these because they had a better price.
What other advice do I have?
My advice to other people who are considering using Cloudbric Managed Rules for AWS WAF is to analyze the results it can give them, and how it can make their applications more secure and better protected from the internet. I would rate this solution an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Ayodeji Bayo-Makinde
Granular api security has freed team resources and reduced effort but detection accuracy needs work
Reviewed on Jun 13, 2026
Review from a verified AWS customer
What is our primary use case?
Currently, I use Cloudbric Managed Rules for AWS WAF for one of my AWS Load Balancer integrations, placing the managed rules in front of my load balancer as a form of security measure for traffic coming into the application. My application is a public internet-facing application, which is unique about my environment and setup.
What is most valuable?
The feature that stands out to me the most about Cloudbric Managed Rules for AWS WAF is the API protection, as many managed WAF rule sets are originally designed around traditional websites, but Cloudbric integrates a dedicated API protection module aimed at REST APIs, GraphQL endpoints, XML validation, and API-specific attacks.
My experience with the API protection module is positive, as I had one implementation for a mobile backend and some FinTech APIs where Cloudbric Managed Rules for AWS WAF really worked wonders for that setup, requiring minimal modifications or tweaking.
Another thing I appreciate about Cloudbric Managed Rules for AWS WAF is that it does not force me into a monolithic package, allowing for selective deployments where I can choose specific protections such as only malicious IP, thus providing flexibility to control costs and capacity consumption.
Cloudbric Managed Rules for AWS WAF has positively impacted my organization by freeing up human resources that would otherwise be dedicated to creating and managing WAF rules, helping me reduce costs as I can streamline WAF rules for some applications and deploy protection in less than an hour instead of days or weeks.
What needs improvement?
I find that the only drawbacks with Cloudbric Managed Rules for AWS WAF are its less market penetration, especially in North America and Europe, resulting in fewer community reviews, published case studies, and a small ecosystem of users, along with less third-party validation and occasional false positives triggered by API payload or JSON bodies.
For how long have I used the solution?
I have been using Cloudbric Managed Rules for AWS WAF for just over a year.
What do I think about the stability of the solution?
Cloudbric Managed Rules for AWS WAF has been fairly stable in my experience.
What do I think about the scalability of the solution?
In terms of scalability, Cloudbric Managed Rules for AWS WAF has been fairly scalable for my use case, working really well.
How are customer service and support?
Customer support for Cloudbric Managed Rules for AWS WAF has been quite good, and although I have not had to use it often, the few times I have reached out, they have been satisfactory.
Which solution did I use previously and why did I switch?
Previously, I was using Imperva and F5 for that particular use case, but I switched to Cloudbric Managed Rules for AWS WAF because I did not need the full protection those tools provided; I needed something more flexible.
How was the initial setup?
My experience with Cloudbric Managed Rules for AWS WAF's pricing and setup was positive; the setup was fairly straightforward and took less than an hour, and the pricing is very good and flexible, allowing me to choose the parts of WAF protection I want.
What's my experience with pricing, setup cost, and licensing?
I can definitely say that since using Cloudbric Managed Rules for AWS WAF, I need fewer employees because those who would have been dedicated to creating and managing WAF rules are now free to pursue higher priorities, leading to reduced cost in human resources.
Which other solutions did I evaluate?
The only other option I evaluated before choosing Cloudbric Managed Rules for AWS WAF was Fortinet, but it was still too much for what I needed.
What other advice do I have?
I have not had to use the AI capabilities of Cloudbric Managed Rules for AWS WAF yet, but from others' feedback, it has been fairly standard performance for the markets.
I have not noticed anything specific regarding the accuracy and reliability of output from Cloudbric Managed Rules for AWS WAF since I have not really made use of the AI capabilities, so that is still to be seen on my end.
I did purchase Cloudbric Managed Rules for AWS WAF through the AWS Marketplace .
My advice for others looking into using Cloudbric Managed Rules for AWS WAF is that if you have a use case for granular WAF rules where you do not need full traditional rule protection, especially for securing APIs, Cloudbric Managed Rules for AWS WAF is really effective at API-specific protection. I would rate this product a seven out of ten.
Nguyen
Perfect fit for scanning tor incoming
Reviewed on Apr 14, 2025
Review from a verified AWS customer
Screening Tor traffic is a key security concern for our operations, so we decided it was the right time to add an extra layer to our WAF configuration. When I asked around for a cost-effective yet reliable managed rule set, this one came highly recommended by AI—and it really delivers.
Installation was smooth and straightforward, just a few clicks. We did require some advanced custom settings to ensure smooth operations, and their support team was incredibly helpful, guiding us through the process and even suggesting a few extra options in case we experience traffic spikes.
Pricing is based on region and request volume, which makes it very affordable at the moment. Of course, unexpected situations can arise, but it’s good to know they have flexible offerings ready when needed.
I gave it 4 out of 5 stars only because the advanced settings were a bit confusing at first and I had to reach out for help. But apart from that, everything works flawlessly. Very likely to recommend this to other tech teams.
De Luca
Wish There Was a Bundle for All IP Sets
Reviewed on Mar 31, 2025
Review from a verified AWS customer
I'm already using Anonymous IP and have been pretty happy with the results so far. Recently decided to add the tor Protection as an extra layer since we started seeing more suspicious activity that we assume coming from Tor exit nodes.
Setup was quick and worked well alongside the existing rules. It’s a nice addition if you're looking to tighten access without affecting legit users too much.
One thing I’d love to see is an IP threat bundle—something like a package that includes Anonymous IPs, Tor, and Malicious IPs all in one subscription. It’d be way more convenient than subscribing to each one separately.
Overall, solid rule set for those wanting more control over incoming traffic from anonymized sources.
Lucas M.
Pretty worth it for small business like mine
Reviewed on Mar 14, 2025
Review provided by G2
What do you like best about the product?
The pricing is fair—I only pay what I deserve.
I appreciate the targeted focus on Tor IPs, which adds a charming touch to the service.
Their top tier detection rate looks promising, so I'm willing to give it a shot.
Very easy to integrate into WAF with just few clicks.
Oh and the customer contact was very helpful as well.
So far so good!
I appreciate the targeted focus on Tor IPs, which adds a charming touch to the service.
Their top tier detection rate looks promising, so I'm willing to give it a shot.
Very easy to integrate into WAF with just few clicks.
Oh and the customer contact was very helpful as well.
So far so good!
What do you dislike about the product?
I could not find any at this point.
I hope this fair service continues.
I hope this fair service continues.
What problems is the product solving and how is that benefiting you?
They detect bad IPs from Tor incomming and filter them for me so I do not have to worry about the malicious traffics.