Is this useful if I'm already using Cloudflare, Imperva or Expedited WAF?
The most secure applications implement "Defense In Depth" - layering multiple defensive systems to thwart ever more clever attacks.
Unlike legacy WAF systems, Wafris filters attacks from within your web framework. By scoping our filtering rules specific to the framework, we can better understand inbound requests and filter out attacks.
What systems should I put Wafris on?
All of them. Too often in our years of security work, we've seen staging, QA, or dev environments that attackers compromised. Regularly, these environments contained production data, API keys, secrets or other sensitive information.
Wafris is a default set of security controls from which any environment can benefit.
What are the requirements?
Wafris leverages Redis for fast rule implementation and analysis. We've taken pains to ensure that Wafris runs on the types of standard Redis plans that many hosting platforms provide for free or minimal cost.