Update: Canadian Scammers vs Korean Con Artists Edition

Michael Buckbee

13 Mar 2024

Roadmap Update

In the last couple of months, we've spoken to many developers, and their main request is: "We want Wafris to do more for us automatically."

We agree.

To deliver on this, we've shifted around our roadmap to provide automation features sooner.

Stay tuned as we will ship more exhaustive rulesets, IP reputation, and automated soft blocking features shortly.

Geoblocking

What do South African smut peddlers, Canadian scammers, Korean con artists, and jealous non-Austrian gym owners have in common?

All are threat actors that we have personally stopped through WAF Geoblocking. We are now proud to announce that this feature is in general availability for all paid Wafris plans.

If you're on a free plan, head to http://wafris.org/pricing to upgrade, or book a time at https://app.harmonizely.com/expedited/wafris.

Wafris Caddy Client

Caddy is a high-speed and capable HTTP server, proxy, and all-around incredible software. It has become popular due to its built-in security and certificate features, making deploying HTTPS to sites much easier than the alternatives.

We're trying to deliver this same level of security and ease with Wafris, so we're happy to highlight our Caddy client.

More info at: https://github.com/wafris/wafris-caddy

Weekly Web Weirdness

We're not in the designer clothing business, but it's still fascinating to see what's fashionable in the world of bots and attacks. This week, it's GraphQL: more attacks are specifically looking for and attempting to exploit GraphQL endpoints.

Want more web weirdness? Follow us on Twitter (https://twitter.com/wafrisorg) or LinkedIn (https://www.linkedin.com/company/wafris/).

Contributor of the Week

Mathias Hansen from GeoCodio. Mathias saw an early demo of Wafris for Rails and knocked out a minimal Wafris client in PHP a couple of hours later for use in his Laravel system.

https://github.com/mathias-hansen

P.S. If there's a web framework or ingress controller you'd like to write a Wafris client for, let us know, and we're happy to support you.

Do this next

We're on a mission to better secure every web app on the internet. Here are some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can sign up for the waitlist to get early access at wafris.org.

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org