Cloudflare WAF is $20/mo (Pro). Rampart is a self-hosted alternative at $1.99/mo. Here's when each makes sense.
| Rampart | Cloudflare WAF | |
|---|---|---|
| Hosting | Self-hosted, your infra | Managed SaaS (cloud only) |
| Data location | Your server, your disk | Cloudflare WAF's cloud |
| Free tier | 3 rules | Paid only |
| Pro pricing | $1.99/mo | $20/mo (Pro) |
| Dependencies | None (single binary + SQLite) | N/A (managed) |
| Setup time | ~30 seconds | Account signup |
| Dashboard | Built-in at /ui | Cloud dashboard |
| License | BSL 1.1 | Proprietary SaaS |
Rampart is a single Go binary with embedded SQLite. Install it with one command, and you are running in under a minute. Your data stays on your server.
curl -fsSL https://stockyard.dev/rampart/install.sh | sh
Cloudflare WAF is a strong product. There is no point pretending otherwise. Where Rampart earns its place is in situations where Cloudflare WAF cannot be used — airgapped environments, regulated industries, teams with strict data sovereignty requirements, or simply developers who prefer tools they can inspect end to end. If none of those constraints apply, Cloudflare WAF may genuinely be the better choice.
Rampart runs as a single static binary with an embedded SQLite database. There is no application server, no cache layer, no background worker. One process handles HTTP requests and reads from and writes to the database file directly. This simplicity is the entire point — fewer moving parts means fewer things that can break at 2 AM.
Switching from Cloudflare WAF to Rampart is straightforward for most teams. Export your data from Cloudflare WAF (most services offer CSV or JSON export), then POST each record to Rampart's API. A migration script that reads the export and writes to /api/ endpoints typically takes less than 50 lines of code. The reverse migration is equally simple — Rampart's SQLite database is a standard file you can query with any SQLite client.
Single binary. Free to start. $1.99/mo for Pro.