Entertainment Government Data Sovereignty WAF Bot Management DDoS Protection Argo Smart Routing

Qiddiya migrated 80+ hostnames from Google WAF to Cloudflare with zero downtime and full KSA data residency.

How Brixio migrated Qiddiya's 80+ hostnames from Google WAF to Cloudflare with zero downtime, achieving 35% faster page loads and full KSA data residency compliance.

Saudi Arabia 5 TLDs · 80+ hostnames 5 min read
Qiddiya
DOWNTIME0Migration across 80+ hostnames and 5 TLDs without service interruption
PERFORMANCE35%Page-load improvement via Argo Smart Routing and optimised caching
DATA RESIDENCY100%Production traffic terminating inside KSA, aligned to NCA / SAMA
BREACHES0Web application breaches recorded after going live on Cloudflare

The challenge

Qiddiya Investment Company, a Public Investment Fund (PIF) giga-project in Saudi Arabia, is developing a global destination for entertainment, sports, and culture. Its digital ecosystem spans 5 top-level domains and over 80 hostnames serving a global audience.

The existing infrastructure relied on Google WAF, which no longer met Qiddiya's requirements:

  • Security posture modernisation. Protection against OWASP top 10 threats, automated attacks, and layer 7 DDoS events needed to be strengthened beyond what the existing WAF provided.
  • KSA data residency compliance. Saudi data protection regulations (NCA / SAMA) required all user traffic and logs to remain within the Kingdom. The existing setup could not guarantee in-country traffic termination.
  • Global performance at scale. As Qiddiya's international audience grew, latency and inconsistent availability were affecting the user experience across markets.

The migration had to be executed without disruption to live digital properties serving a global audience.

What Brixio deployed

WAF migration from Google WAF to Cloudflare

  • Migrated all 80+ hostnames across 5 TLDs with zero downtime.
  • Implemented managed and custom WAF rulesets tuned to Qiddiya's traffic profiles.
  • Reduced false positives while maintaining strong protection coverage.

Bot Management

  • Machine-learning-based detection and scoring to block credential stuffing, scraping, and automated abuse across all properties.

DDoS Protection

  • Always-on L3/L7 protection ensuring 24/7 availability for all digital properties.

Argo Smart Routing

  • Dynamic routing via the least congested Cloudflare paths, reducing latency for Qiddiya's global audience.

CDN and caching optimisation

  • Optimised Edge and Browser TTLs, Always Online enabled for resilience during origin outages.

Digital Localization Suite (DLS KSA)

  • All production traffic terminates within Saudi Arabia.
  • Full data residency compliance with NCA / SAMA requirements.

Monitoring and operational readiness

  • Real-time log ingestion via Splunk for threat detection and operational visibility.
  • Knowledge transfer sessions and Cloudflare best-practices guide delivered to Qiddiya's IT teams.

Architecture

Global visitors and bots converge on Cloudflare with KSA-localised termination via the Digital Localization Suite, before reaching Qiddiya's origins.

Global visitors 5 TLDs · 80+ hostnames
Bot traffic Discovery + abuse
Marketing properties Campaigns + landing
Cloudflare KSA edge
WAFBOT MGMTDDoSDLS KSA
Qiddiya origins In-Kingdom termination
Argo Smart Routing Latency-optimised paths
Splunk SIEM Real-time logs

Results

After 2 weeks of discovery and 7 weeks of implementation, Qiddiya migrated to Cloudflare with zero downtime, faster global performance, full KSA data residency and SIEM-ready visibility.

Zero-downtime migrationAll 80+ hostnames across 5 TLDs migrated from Google WAF to Cloudflare without service interruption.
35% faster page loadsArgo Smart Routing and optimised caching reduced page-load times for Qiddiya's global audience.
100% KSA data residencyAll production traffic terminates inside Saudi Arabia, meeting NCA and SAMA data-residency requirements.
Audit-ready visibilitySplunk integration provides real-time logs across WAF, Bot, DDoS and Access events for proactive threat detection.
Sector perspective

Vision 2030 giga-projects must combine global reach with in-Kingdom data residency.

This engagement demonstrates Brixio's ability to execute a large-scale WAF migration for a high-profile client with strict regulatory requirements, zero tolerance for downtime, and a global audience. The combination of application security, performance optimisation, and data residency compliance in a single deployment is the kind of architecture that NCA, SAMA and SDAIA increasingly require for KSA-regulated digital estates.

NCA KSA SAMA SDAIA
Data sovereignty solutionsGovernment industry
Other client stories

More Brixio × Cloudflare deployments

Transport Zero Trust Access Gateway / SWG

Identity-based access for 2,000+ airport operations users

Identity-based access replaces legacy VPN for 2,000+ operations users on Cloudflare Zero Trust and Gateway.

Read the case study
Transport WAF Bot Management

NESA-aligned application security for UAE ports and logistics

WAF, Bot Management and API Shield on public-facing Dubai government applications, aligned to NESA controls.

Read the case study
Government Cloudflare Tunnel Zero Trust Access

Zero Trust Access without public IP exposure

Cloudflare Tunnel and Zero Trust Access remove the public IP from a Saudi government valuation platform.

Read the case study
Migrating from Google WAF?

Map your path to Cloudflare with in-Kingdom data residency.

Run a free Snapshot to assess your current WAF posture, KSA data-residency exposure and migration risks, with a prioritised roadmap from a Cloudflare ASDP partner.

Get a free Cloudflare audit Talk to a specialist