The mitigation layer that works the moment you point DNS at it.
Layer7 is a reverse proxy and WAF that sits in front of your site, drops attack traffic at our edge, and passes clean requests to your origin. There's no "under attack" button to flip, and no rules you have to configure before the next flood lands. The public beta opens in early Q3 2026. Leave your email and we'll tell you the moment your slot is ready.
No newsletter. One email when your slot opens, and that's it.
You're on the list. We'll be in touch.
What is Layer7?
Most services hand you a control panel and expect you to know which knobs to turn before an attack hits. We think that's backwards. Out of the box, Layer7 is configured the way we'd configure it for ourselves, and you can still write your own rules whenever you want.
Protected at request one
Mitigation engages from the first request, not after your error rate crosses some threshold. Small sites get the same defense as large ones.
No interstitial by default
Bot scoring runs on TLS fingerprints, header consistency, and request cadence, not a JS challenge a headless browser can pass. Real users never see a wall.
Same ruleset on every plan
Managed bot detection, CRS, and credential-stuffing patterns are on for every plan, hobby tier through enterprise. You pay for traffic and seats, not for rules that should already be on.
Rules you can read
Write your own policies in JSON or Lua, per route, per method, per header. Every save is a git commit you can revert. Deploys to every PoP in about five seconds.
Adaptive rate limits, on by default
Calibrated from real traffic to your origin and enabled from day one. Override it per route if you want. You don't have to change anything to be safe on day one.
Origin that stays hidden
We provision origin-side mTLS by default and rotate the cert on a schedule. If your origin IP leaks, the connection still has to prove it came from our edge.
What we've been up to.
A running log of attacks we've absorbed, work that shipped, and the people we've helped take off the internet.
Public beta Next
Waitlist onboarding begins early Q3 2026, with general availability projected for the middle-to-end of Q3. Self-serve signup and the public status page ship alongside it.
Aisuru botnet: intelligence shared with law enforcement War Room
Provided attack telemetry and infrastructure mapping that supported the effort against the Aisuru botnet. Write-up on the War Room blog.
Kimwolf botnet: primary intelligence source War Room
Our threat intelligence was first to reach investigators on Kimwolf and helped drive the law-enforcement response. The traffic we don't deliver to customers is data, and we'd rather it shut something down at the source.
Dashboard & rule editor in closed testing
The control panel, analytics views, and the JSON/Lua rule editor entered hands-on testing with a small group of partner sites running real production traffic.
Origin protection hardened
Shipped origin-side mTLS with automatic certificate rotation, so a leaked origin IP no longer means a bypassed WAF.
Bot scoring engine rebuilt
Moved bot detection onto TLS fingerprinting, header consistency, and request-cadence analysis. Now it scores every request instead of leaning on a JS interstitial.
Custom rule engine shipped internally
Rules in JSON or Lua, versioned like code and deployed to every edge node in seconds. Built it for our own operators first, then started widening access.
Closed testing with partner sites
Began running a handful of real sites fully behind Layer7 to shake out edge cases the synthetic load tests never produced.
2.62B PPS L4 attack mitigated
Mitigated a high-volume Layer 4 DDoS attack peaking at 2.62 billion packets per second and 1.4 terabytes per second over a 3-minute burst, without any disruption or packet loss.
1B PPS L4 attack mitigated
Mitigated a sustained Layer 4 DDoS attack averaging nearly 1 billion packets per second for 16 minutes straight, without any disruption.
Out-of-network auto-scaling ready
Mitigation nodes outside the core network now auto-deploy in seconds, adding global surge capacity when traffic spikes.
15M RPS attack mitigated
Tested against a massive Meris-based Layer 7 attack on WHMCS. Over 99.99% of traffic filtered with PoW and zero rate limiting.
Live botnet testing completed
System proven effective under real attacks from Meris, Gorilla, and Mirai variants with no performance degradation.
API development progress
Core account API endpoints created and tested. Mitigation endpoints are now in development.
Cooperation with law enforcement described above does not imply endorsement by any agency.