Update: Massive Memory Improvements Edition

Michael Buckbee

06 Mar 2024


Each week, we highlight a community member who's contributing to Wafris and share some of our technical progress.

This week the two coincide: Agustin Cavillotti reported some unusual Redis behavior, and tracking it down led us to a recurring bug that bloated the overall memory needed by a Wafris instance.

The amount of excess memory consumed varies with the number and uniqueness of requests to a site, so a percentage improvement is hard to pin down. Still, in many cases we're seeing sites use half as much memory as before.

With this update, all of the following clients have moved to a new, more efficient expiration process:

Ruby/Rails - https://github.com/Wafris/wafris-rb

Laravel - https://github.com/Wafris/laravel-wafris

Node - https://github.com/Wafris/node-wafris

Caddy - https://github.com/Wafris/wafris-caddy

A Developers' Guide to Web Application Firewalls

Something surprising we've found in building Wafris is the breadth of what people consider a "Web Application Firewall" (WAF): everything from a dozen regexes tucked into a web framework to globally spanning networks. We're for whatever works for people, but we wanted a shared understanding of the features, uses, and options for WAFs, so we put together a guide covering almost everything you'd need to know:

https://wafris.org/guides/developers-guide-to-web-application-firewalls

Web Weirdness

GraphQL

GraphQL has become increasingly popular with developers, and now with attackers too. We've detected multiple bots scanning sites specifically for GraphQL tooling and endpoints and attempting to scrape data through them.

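As an added example (not Wafris code), here is a small Ruby scanner that reads constructed access-log lines in the common combined format and flags clients that request several well-known GraphQL endpoint paths. The path list, the threshold, and the sample log are assumptions for this example; on a site that really serves GraphQL you would drop the live endpoint from the list and watch the remaining tooling paths instead.

```ruby
require 'set'

# Endpoint paths commonly exposed by GraphQL servers and their IDE tooling.
# Assumed list for this example; tune it to what your app actually serves.
GRAPHQL_PROBE_PATHS = %w[
  /graphql /graphiql /playground /v1/graphql /api/graphql /graphql/console
].freeze

# Combined/common log format: ip ident user [time] "METHOD path proto" status bytes ...
LOG_LINE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) \S+" (?<status>\d{3}) \S+/

# Returns a hash for a well-formed line, nil for anything that does not parse.
def parse_log_line(line)
  m = LOG_LINE.match(line)
  return nil unless m
  {
    ip: m[:ip],
    method: m[:method],
    path: m[:path].split('?', 2).first.downcase, # drop the query string
    status: m[:status].to_i
  }
end

# Clients that requested at least `threshold` distinct GraphQL paths.
# On a site with no GraphQL API every such request is reconnaissance.
def graphql_probers(lines, threshold: 2)
  hits = Hash.new { |h, k| h[k] = Set.new }
  lines.each do |line|
    req = parse_log_line(line)
    next unless req && GRAPHQL_PROBE_PATHS.include?(req[:path])
    hits[req[:ip]] << req[:path]
  end
  hits.select { |_ip, paths| paths.size >= threshold }
      .transform_values { |paths| paths.to_a.sort }
end

# Constructed sample log using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = <<~LOG.lines(chomp: true)
  198.51.100.23 - - [06/Mar/2024:10:01:02 +0000] "GET /graphql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
  198.51.100.23 - - [06/Mar/2024:10:01:03 +0000] "GET /graphiql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
  198.51.100.23 - - [06/Mar/2024:10:01:03 +0000] "POST /api/graphql HTTP/1.1" 404 153 "-" "Mozilla/5.0"
  203.0.113.8 - - [06/Mar/2024:10:02:10 +0000] "GET /pricing HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
  203.0.113.8 - - [06/Mar/2024:10:02:15 +0000] "GET /graphql?ping=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
  192.0.2.44 - - [06/Mar/2024:10:03:00 +0000] "GET /about HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
LOG

if __FILE__ == $PROGRAM_NAME
  graphql_probers(SAMPLE_LOG).each { |ip, paths| puts "#{ip} probed #{paths.join(', ')}" }
end
```

With the default threshold of two distinct paths only 198.51.100.23 is reported; the single hit from 203.0.113.8 could be a stray link or a curious developer, which is why the threshold is a parameter rather than a hard-coded rule.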

Actually GoogleBot?

It's easy to fake a user agent in a web request, so how can you be sure it's actually Googlebot crawling your site and not a malicious bot probing for vulnerabilities or scraping your content?


In Wafris Hub, click on any grade and you'll get a full IP ownership and reputation rundown from our publicly available IP lookup service.


The IP Lookup is also available at: https://wafris.org/ip-lookup
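The standard way to settle the question raised above, and the procedure Google itself documents, is to verify the claim through DNS instead of trusting the user agent: reverse-resolve the requesting IP, check that the resulting name is under googlebot.com or google.com, then forward-resolve that name and require it to return the original IP. The Ruby below is an added example, not Wafris code. LiveResolver uses the real DNS through the standard library; TableResolver and SAMPLE_RESOLVER are constructed for this example so the check can be exercised offline, and the three table entries are made up to show a genuine crawler, a domain-suffix trick, and a forged PTR record.

```ruby
require 'resolv'

# Domains Google's published verification procedure accepts for the crawler's
# reverse-DNS name.
GOOGLEBOT_DOMAINS = %w[googlebot.com google.com].freeze

# Resolver backed by the system DNS. Both methods return arrays of strings.
class LiveResolver
  def initialize
    @dns = Resolv::DNS.new
  end

  def ptr(ip)
    @dns.getnames(ip).map(&:to_s)
  end

  def addresses(host)
    @dns.getaddresses(host).map(&:to_s)
  end
end

# Canned resolver with the same interface, so the example runs without network.
class TableResolver
  def initialize(ptr:, a:)
    @ptr = ptr
    @a = a
  end

  def ptr(ip)
    Array(@ptr[ip])
  end

  def addresses(host)
    @a.fetch(host, [])
  end
end

# Constructed table (assumption for this example): one consistent crawler entry,
# one PTR that merely contains "googlebot.com" inside another domain, and one
# forged PTR whose forward lookup does not point back at the IP.
SAMPLE_RESOLVER = TableResolver.new(
  ptr: {
    '66.249.66.1'  => ['crawl-66-249-66-1.googlebot.com.'],
    '203.0.113.7'  => ['googlebot.com.attacker.example.'],
    '198.51.100.9' => ['crawl-198-51-100-9.googlebot.com.']
  },
  a: {
    'crawl-66-249-66-1.googlebot.com'  => ['66.249.66.1'],
    'googlebot.com.attacker.example'   => ['203.0.113.7'],
    'crawl-198-51-100-9.googlebot.com' => []
  }
)

# True only when the host is exactly one of the allowed domains or a subdomain
# of one; the leading dot stops "googlebot.com.attacker.example" from matching.
def googlebot_domain?(host)
  host = host.downcase.chomp('.')
  GOOGLEBOT_DOMAINS.any? { |d| host == d || host.end_with?(".#{d}") }
end

# Reverse lookup, domain check, then forward lookup that must return the IP.
def verified_googlebot?(ip, resolver: LiveResolver.new)
  resolver.ptr(ip).any? do |host|
    host = host.downcase.chomp('.')
    googlebot_domain?(host) && resolver.addresses(host).include?(ip)
  end
end

# Combine the user-agent claim with the DNS check. Only a claim that fails
# verification is suspicious; most traffic never claims to be Googlebot at all.
def classify_request(ip, user_agent, resolver: LiveResolver.new)
  return :not_googlebot unless user_agent.to_s.include?('Googlebot')
  verified_googlebot?(ip, resolver: resolver) ? :verified_googlebot : :spoofed_googlebot
end

if __FILE__ == $PROGRAM_NAME
  ua = 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)'
  %w[66.249.66.1 203.0.113.7 198.51.100.9].each do |ip|
    puts "#{ip}: #{classify_request(ip, ua, resolver: SAMPLE_RESOLVER)}"
  end
end
```

The forward lookup is the step people most often skip: anyone who controls reverse DNS for their own address range can publish a PTR record that looks like a Googlebot hostname, but they cannot make Google's nameservers answer for it. In production you would cache verdicts per IP, since the two lookups are far too slow to run inline on every request.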

Node/Express User?

If you're using Node/Express and want to try out Wafris, we're in beta with the middleware and would love to have a few more testers. If this is you, hit Reply, and we'll set you up.

Not a Node/Express user? We're actively working on more integrations and would love to hear what you're using, any security concerns you may have, and how we can help.

Reach out at: support@wafris.org or book a time to chat at: https://app.harmonizely.com/expedited/wafris

Do this next

We're on a mission to better secure every web app on the internet. Here are some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free, open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can sign up for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying whether request IPs come from bots, Tor networks, VPNs, proxies, or malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org