Stop attacks, intrusions and dark traffic from within your web stack.

Wafris is a free and open source Web Application Firewall that identifies threats and stops attacks from within your favorite Web Framework, HTTP Server or Kubernetes Ingress Controller.

What does Wafris do for you?

The modern internet is full of threats. Wafris defends against attacks and bots abusing your site.

Attack Protection

Leverage Wafris rulesets to block attacks like SQL injection, XSS, and more.

Request Visualization

You can't block what you can't find. Wafris gives you a real-time view into the requests hitting your app so bad behaviors jump out.

Blocking Rules

Set custom blocking rules on IP addresses, user agents, paths and more.

Rate Limiting

Rate limiting is a big roadblock for attackers. Set and tweak rate limits to allow users and block attackers.

Insights

We grade every IP's risk level based on its past behavior.

Escalation

Every day we help sites defend against attacks. Get expert operational security help when you need it.

“Our site was getting killed by bots and spiders, driving up load times and burning requests. Wafris helped us identify and stop them cold.”

John Athayde
Founder Meticulous

Declaration of Security

Something has gone wrong with our Internet. It shouldn't be the case that it's easier to attack a site than to defend it. It shouldn't be the case that the default state of a web application is to be vulnerable to attacks. It shouldn't be so easy to find an IP address in your logs doing clearly bad things and so hard to do something about it.

We believe that every site should ship with the ability to:

  • Block basic request properties like IP addresses, user agents and malicious paths
  • Rate limit overall traffic
  • View a list of the IPs that have made requests in the last 24 hours

Attacks hit every web app by default. Why isn't there a default set of defenses?

Wafris adds practical, immediately useful, easily configured security features to your web application.

How it works

Wafris installs as middleware in your web framework, HTTP server or Kubernetes ingress controller, where it analyzes every request and blocks attacks.

Connected to your Redis instance, rules are executed with blazing speed, keeping your site fast and secure.

Web Frameworks

HTTP Servers

Ingress Controllers

Strong & Secure

What makes Wafris better?

We've built Wafris from the ground up to directly address the shortcomings that we found in both legacy DNS-based WAF providers and in other solutions that only partially addressed the true operational security concerns that you're forced to care about because the Internet is full of jerks.

Multi Host Support

If you have a SaaS that has issued clients vanity domains pointing to your service (or a large number of wildcard subdomains), it's not feasible to change them. With Wafris there's no need to: multiple hosts are secured by default.

Faster through physics

DNS-based solutions by design put requests to your app through more network hops. They're inevitably slower than a Redis datastore sitting next to your app.

No DNS configuration

DNS changes often cause downtime, and making modifications can be a challenge. In many cases, it's just not feasible to get clients or other groups to make DNS updates for you. Since Wafris works inside your existing stack, no DNS updates are needed.

Integrated investigation and blocking

You can't block what you can't find. Wafris gives you a real-time view into the requests hitting your app. You don't have to grep through logs or write custom Elastic queries to find bad behavior.

Secure your site today.

Wafris lets you see what's really happening in your web app, take actions to protect it and get help when you need it.

Security Resources

Tools, guides and articles to help you improve your web application security.

Tools

IP Lookup

Investigate IP addresses for malicious activity. Identify Botnets, Proxies, Tor, Hosting Providers, and more.

Updates

Update: AI Bot Blocking Edition

Learn how to (and whether you should) block AI bots from accessing your site. Also: our experiences migrating the backend of our application to JumpStartPro, and why you should be very cautious about handling DS_Store files.