Stop attacks, intrusions and dark traffic from within your web stack.

Wafris is a free and open source Web Application Firewall that identifies threats and stops attacks from within your favorite Web Framework, HTTP Server or Kubernetes Ingress Controller.

What's Wafris do for you?

The modern internet is full of threats. Wafris defends
against attacks and bots abusing your site.

Attack Protection

Leverage Wafris rulesets to block attacks like SQL injection, XSS, and more.

Request Visualization

You can't block what you can't find. Wafris gives you a real-time view into the requests hitting your app so bad behaviors jump out.

Blocking Rules

Set custom blocking rules on IP addresses, user agents, paths and more.

Rate Limiting

Rate limiting is a big roadblock for attackers. Set and tweak rate limits allow users and block attackers.


We grade every IP's risk level and provide a grade based on past behavior.


Every day we help sites defend against attacks. Get expert operational security help when you need it.

“Our site was getting killed by bots and spiders, driving up loadtimes and burning requests. Wafris helped us identify and stop them cold.”

John Athayde
Founder Meticulous

Declaration of Security

Something has gone wrong with our Internet. It shouldn't be the case that it's easier to attack a site than to defend it. It shouldn't be the case that the default state of a web application is to be vulnerable to attacks. It shouldn't be so easy to find an IP address in your logs doing clearly bad things and so hard to do something about it.

We believe that every site should ship with the ability to:

  • Block basic request properties like IP addresses, user agents and malicious paths.
  • Rate Limit Traffic overall traffic
  • View a list of the IPs that have made requests in the last 24 hours

Attacks hit every web app by default. Why isn't there a default set of defenses?

Wafris adds practical, immediately useful, easily configured security features to your web application.

How it works

Wafris installs as a middleware in your web framework, HTTP server or Kubernetes ingress controller that analyzes every request and blocks attacks.

Connected to your Redis instance, rules are executed with blazing speed, keeping your site fast and secure.

Web Frameworks

HTTP Servers

Ingress Controllers

Strong & Secure

What makes Wafris better?

We've built Wafris from the ground up to directly address the shortcomings that we found in both legacy DNS based WAF providers and in other solutions that only partially addressed the true operational security concerns that you're forced to care about because the Internet is full of jerks.

Multi Host Support
If you have a SaaS that's issued clients' vanity domains pointing to your service (or a large number of wildcard subdomains) it's not feasible to change them. But, with Wafris there's no need to, multiple hosts are secured by default.
Faster through physics
DNS based solutions by design put requests to your app through more network hops. They're inevitably slower than a Redis datastore sitting next to your app.
No DNS configuration
DNS changes often cause downtime and making modifications can be a challenge. In many cases, it's just not feasible to get clients or other groups to make DNS updates for you. Since Wafris works with inside your existing stack, there's no DNS updates needed.
Integrated investigation and blocking
You can't block what you can't find. Wafris gives you a real-time view into the requests hitting your app. You don't have to grep through logs or write custom Elastic queries to find bad behavior.

Secure your site today.

Wafris lets you see what's really happening in your web app, take actions to protect it and get help when you need it.

Security Resources

Tools, guides and articles to help you improve your web application security.


IP Lookup

Investigate IP addresses for malicious activity. Identify Botnets, Proxies, Tor, Hosting Providers, and more.