How it works: DNS to filtered traffic

Three steps, no agent to install — and two honest answers to the questions every engineer asks: what does it cost me in latency, and who handles my certificate.

DNSyour domain → our edgeOur edge · WAFCoraza + OWASP CRS 4.26filtering happens hereYour originonly clean traffic
01

Point your DNS

Route your domain to our EU edge nodes. Per-tenant Let's Encrypt issues your certificate over HTTP-01 and renews it automatically — no manual certs, no shared-cert blast radius, TLS live from the first request.

02

We filter at the edge

Every request passes dual Coraza engines on OWASP CRS 4.26, the PoW→CAPTCHA→Web Bot Auth ladder, and L3/L4 early-drop — all within a ≤5 ms added-latency design budget. (Production-fleet numbers wait on production hardware; any figure we publish is labelled staging-measured.)

03

Clean traffic, full audit

Only clean requests reach your origin, and every block, challenge, and allow lands in an immutable audit trail in your portal — so you can see exactly what the edge decided and why.

Put your domain behind the edge

We onboard early partners by hand. Tell us your domain and we take it from there.

Apply for Early Access