smart-waf · live

Website security that thinks faster than the attack

Point your DNS at our EU edge and every request is filtered by dual Coraza engines running OWASP CRS 4.26 — within a ≤5 ms latency design budget, with a full audit trail in your portal.

EU edge WAF≤5 ms design budgetfull audit trail

Defense in depth, every layer shipped

Not one filter — a stack of them, each traceable to running code.

Dual Coraza WAF + OWASP CRS 4.26

Two Coraza engines — proxy-wasm and libcoraza FFI — run the OWASP Core Rule Set 4.26, selectable per route.

PoW → CAPTCHA → Web Bot Auth ladder

Suspicious clients escalate through proof-of-work, then CAPTCHA, then Web Bot Auth (RFC 9421 / Ed25519). Humans pass; automated abuse stalls.

ML entity-scoring with graduation

Per-entity risk scoring graduates from detection to verify to enforce, so a new signal observes before it is ever allowed to block.

See all capabilities →

From DNS change to filtered traffic

Three steps, no agent to install.

01

Point your DNS

Route your domain to our EU edge nodes. Per-tenant Let's Encrypt issues and renews the certificate automatically.

02

We filter at the edge

Coraza and CRS inspect every request; the challenge ladder handles bots; L3/L4 early-drop sheds confirmed floods — within a ≤5 ms design budget.

03

Clean traffic, full audit

Only clean requests reach your origin, and every decision lands in an immutable audit trail in your portal.

How it works →

EU-native, GDPR by architecture

Edge nodes run in the EU (Hetzner, OVH, Scaleway). No cookies, no third-party trackers. Data residency, configurable retention, and right-to-deletion are built in — not bolted on.

Read our trust posture →

Protect your site at the edge

We onboard early partners by hand. Tell us your domain and we'll take it from there.

Apply for Early Access