Website security that thinks faster than the attack
Point your DNS at our EU edge and every request is filtered by dual Coraza engines running OWASP CRS 4.26 — within a ≤5 ms latency design budget, with a full audit trail in your portal.
Defense in depth, every layer shipped
Not one filter — a stack of them, each traceable to running code.
Dual Coraza WAF + OWASP CRS 4.26
Two Coraza engines — proxy-wasm and libcoraza FFI — run the OWASP Core Rule Set 4.26, selectable per route.
PoW → CAPTCHA → Web Bot Auth ladder
Suspicious clients escalate through proof-of-work, then CAPTCHA, then Web Bot Auth (RFC 9421 / Ed25519). Humans pass; automated abuse stalls.
ML entity-scoring with graduation
Per-entity risk scoring graduates from detection to verify to enforce, so a new signal observes before it is ever allowed to block.
From DNS change to filtered traffic
Three steps, no agent to install.
Point your DNS
Route your domain to our EU edge nodes. Per-tenant Let's Encrypt issues and renews the certificate automatically.
We filter at the edge
Coraza and CRS inspect every request; the challenge ladder handles bots; L3/L4 early-drop sheds confirmed floods — within a ≤5 ms design budget.
Clean traffic, full audit
Only clean requests reach your origin, and every decision lands in an immutable audit trail in your portal.
EU-native, GDPR by architecture
Edge nodes run in the EU (Hetzner, OVH, Scaleway). No cookies, no third-party trackers. Data residency, configurable retention, and right-to-deletion are built in — not bolted on.
Protect your site at the edge
We onboard early partners by hand. Tell us your domain and we'll take it from there.