Context

Wafris uses Redis to store and process your application's request data, so it's essential to configure your Redis instance correctly.

Wafris Hub is the web application that you'll use to view real-time data about the requests hitting your site and to take action by setting rules to block malicious requests. This requires that your Redis instance be accessible from Wafris Hub.

Connection Map

Your web application will send HTTP request data to a Redis instance as defined in your Wafris client configuration. Typically this is a Redis instance that you've set up yourself or a cloud Redis provider.

Latency Considerations

The latency between your web application and your Redis instance is important. If your Redis instance is too far away from your web application, you may experience increased latency and request processing times.

In practice, if the Wafris client connection to Redis is adding more than a few milliseconds to your request processing time, you should consider moving your Redis instance closer to your web application.

Tenancy

For both ease of management and security, it's recommended that you use a dedicated Redis instance for Wafris.

The exception to this is if you're self-hosting, in which case it may make more sense to have a single Redis server with multiple databases, one for Wafris and one for your applications.

Redis Connection URLs

Wafris uses the Redis connection URL format to connect to your Redis instance (both in the Wafris client configuration and in Wafris Hub).

The format is as follows:

redis://[:password]@host:port/db

  • redis:// is the scheme.
  • password (optional) is the password required for authentication.
  • host is the hostname or IP address of the Redis server.
  • port is the port number (default is 6379).
  • db is the database number (default is 0).
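
The following added example (not Wafris code) parses a URL in the format above, applies the stated defaults, and masks the password so the URL can be logged safely. The function names and the two `preflight` checks are assumptions made for this example, not Wafris requirements.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

DEFAULT_PORT, DEFAULT_DB = 6379, 0  # defaults stated in the list above


def parse_redis_url(url):
    """Split redis://[:password]@host:port/db into parts, applying the defaults."""
    parts = urlsplit(url)
    if parts.scheme != "redis" or not parts.hostname:
        raise ValueError("expected redis://[:password]@host:port/db")
    db_text = parts.path.lstrip("/")
    if db_text and not db_text.isdigit():
        raise ValueError("db must be a non-negative integer")
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORT,  # .port raises ValueError if malformed
        "db": int(db_text) if db_text else DEFAULT_DB,
        "password": unquote(parts.password) if parts.password else None,
    }


def redact_redis_url(url):
    """Rebuild the URL with the password masked, for logs and support tickets."""
    cfg = parse_redis_url(url)
    auth = ":***@" if cfg["password"] else ""
    host = f"[{cfg['host']}]" if ":" in cfg["host"] else cfg["host"]  # IPv6 literal
    return f"redis://{auth}{host}:{cfg['port']}/{cfg['db']}"


def preflight(url):
    """Checks chosen for this example (not Wafris rules) before using the URL."""
    cfg = parse_redis_url(url)
    problems = []
    if cfg["password"] is None:
        problems.append("no password: the instance must be internet-reachable")
    try:
        ip = ipaddress.ip_address(cfg["host"])
        local = ip.is_private or ip.is_loopback
    except ValueError:  # a hostname, not an IP literal
        local = cfg["host"] == "localhost"
    if local:
        problems.append("private or loopback host: Wafris Hub cannot connect")
    return problems
```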

Wafris Redis Requirements

  • Redis version 6.0 or higher is required.
  • Redis must be accessible from Wafris Hub (the internet).
  • Redis must be accessible from your Wafris Client (your server).

Redis Sizing

From within Wafris Hub, you can view your current Redis usage and sizing recommendations based on how much memory each request takes in your application.

Redis memory used per request varies widely between applications. Applications with fewer unique paths and parameters use less memory per request. Applications with more unique paths and parameters use more memory per request.

Redis Configuration Values

Wafris uses Redis' key expiration features to hold a sliding window of your most recently received requests. For this to function correctly, ensure that your Redis instance is configured to evict keys based on their expiration time and not on other attributes.

The two Redis configuration values that need to be set are maxmemory and maxmemory-policy.

Max memory

If you're using a cloud Redis provider, this is typically set to your plan memory usage limit.

If you're self-hosting Redis, you must set this to a value that makes sense for your server.

maxmemory 1gb

Max Memory Policy

This should be set to volatile-ttl to ensure that Redis will evict keys based on their expiration time and not on other attributes.

maxmemory-policy volatile-ttl
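
For a self-hosted instance, the added example below (not Wafris code) reads redis.conf text and reports where it departs from the requirements on this page: Redis 6.0 or higher, a maxmemory limit, and the volatile-ttl policy. The sample configuration files are constructed, and the function names are assumptions of this example.

```python
import re

# Size suffixes as documented in the redis.conf header.
UNITS = {"k": 1000, "kb": 1024, "m": 1000**2, "mb": 1024**2,
         "g": 1000**3, "gb": 1024**3}

GOOD_CONF = """# constructed sample
maxmemory 1gb
maxmemory-policy volatile-ttl
"""
BAD_CONF = """# constructed sample: no maxmemory, wrong policy
maxmemory-policy allkeys-lru
"""


def to_bytes(value):
    """Convert a redis.conf size such as '1gb' or '512mb' to bytes."""
    m = re.fullmatch(r"(\d+)(k|kb|m|mb|g|gb)?", value.strip().lower())
    if not m:
        raise ValueError(f"not a redis.conf size: {value!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)


def read_directives(conf_text):
    """Return {directive: value} from redis.conf text; the last occurrence wins."""
    directives = {}
    for line in conf_text.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            directives[fields[0].lower()] = fields[1] if len(fields) > 1 else ""
    return directives


def audit(conf_text, redis_version):
    """List every setting that does not meet the requirements on this page."""
    conf = read_directives(conf_text)
    findings = []
    if tuple(int(x) for x in redis_version.split(".")[:2]) < (6, 0):
        findings.append("redis_version below 6.0")
    if to_bytes(conf.get("maxmemory", "0")) == 0:  # 0 means no limit
        findings.append("maxmemory unset: no memory limit")
    policy = conf.get("maxmemory-policy", "noeviction")  # Redis default
    if policy != "volatile-ttl":
        findings.append(f"maxmemory-policy is {policy}, not volatile-ttl")
    return findings
```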

Confirmed Working Redis Providers

The following providers have all been tested to work in production with Wafris installs.

Redis Enterprise Cloud

To set the maxmemory policy on Redis Enterprise Cloud, from the web dashboard of your Redis instance, navigate to "Edit" and under the "Durability" section, set the "Data eviction policy" to "Volatile TTL".

Heroku Redis

Note: Heroku periodically rotates their Redis credentials, so the Redis setting in Wafris Hub needs to be reset after each rotation.

Setting maxmemory policy on Heroku Redis requires the use of the Heroku CLI.

heroku redis:maxmemory YOUR_REDIS_INSTANCE_NAME --policy volatile-ttl

Memetria

From within the Memetria dashboard, you can navigate to "Settings" and set the Maxmemory policy to "Volatile TTL".

Azure Cache for Redis

Azure Cache for Redis supports Redis 6+ and streams. To connect from Wafris Hub, you'll need to follow the configuration guide here for connecting to Azure Redis from outside of Azure.

Configuration Documentation: https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-best-practices-memory-management

Google Cloud Platform

GCP's Memorystore supports Redis 6+ and streams. To connect from Wafris Hub, you'll need to follow the configuration guide here for connecting to Memorystore from outside of GCP.

Alternatively, you can use a GCP VM instance with Redis installed and configured that's outside of your VPC.

maxmemory policy setting - https://cloud.google.com/memorystore/docs/redis/supported-redis-configurations

Note: the configuration name is maxmemory-gb, not maxmemory, and it takes an integer value in GB.

Confirmed Non-Working Redis Providers

The following providers have been tested and do not work with Wafris.

AWS ElastiCache

Configuring AWS ElastiCache to allow access from Wafris Hub isn't currently possible.

Wafris users on AWS are currently either configuring a standalone EC2 instance with Redis installed outside of their VPC or using a cloud Redis provider like Redis Enterprise Cloud, both of which work with Wafris.
