Update: New TrueTraffic Daily Reports

Michael Buckbee

14 Jun 2024

This week, we're discussing our new alert notification system, some tips on hardening your application against attack, and a new security course you might be interested in.

Product Updates

Google Analytics and every other analytics tool outright lie about the number of requests hitting your site.

They lie because they're made for marketers trying to figure out how to sell more widgets, not for developers and ops folks who are trying to defend against an onslaught of bots, scrapers, and internet weirdos.

Marketing analytics tools will "helpfully" filter out bots and attacks that severely misrepresent the true number of requests your site receives.

This is why we're happy to launch our new daily TrueTraffic* report for all Wafris users.


You can enable the daily report of the actual number of requests hitting the WAF protecting your site by checking the "Daily Report Email" under your User Profile on https://hub.wafris.org

  • I just made up the term "TrueTraffic" as I was writing this; it's not trademarked, so if you are building a distributed Web Application Firewall system and would like to use it in your product, please feel free.

Security Tip of the Week

Finding and blocking curl requests against your site can have a substantial positive impact 🙌

Often used for manual reconnaissance, probes, and vulnerability testing, snuffing out curl requests can push you off the list of potential sites an attacker will later release a bunch of bots on.


Community Shout Out


Our friend Greg Molnar has a pre-sale for his forthcoming "Security for Rails Developers" course.

Don't let the name fool you too much as many of the topics covered are relevant to any framework, things like:

  • Information Disclosure
  • Business Logic Vulnerabilities
  • File Uploads
  • Unsafe Reflection
  • Logging and Monitoring
  • Secure Development Processes

Check it out at https://gregmolnar.gumroad.com/l/security-for-rails-developers - and use the code PRESALE to get 35% off the launch price.

Do this next

We're on a mission to better secure every web app on internet. Here's some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can signup for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org