Wholesale Web Application Firewall
The Serverius Web Application Firewall service is a web protection environment to offer cyber security services to your end users.
The Serverius Web Application Firewall (WAF) protects web, mobile and API applications against web attacks. It will secure and boost application performance to any private, hybrid or multi-cloud application environment.
How to start
To start offering WAF protection to your websites and applications is simple:
Register a 14 day trial.
Point your websites and/or applications to a anycast WAF IP.
Add one or multiple destination IP to forward all clean traffic to.
That’s it! you’re protected! If you like you can tweak setting, enable extra’s and start testing your defenses.
Functionality that rocks!
Unique functionality which keeps your websites safe, fast and ahead of your competitors!
The WAF has been developed by a “API first” principle, which means that all available functionality is offered by https://api.serverius.net. And also a full featured web interface is offered at the Serverius client panel: https://my.serverius.net. This way organizations can easily integrate the WAF into their infrastructure, let the WAF be part of their own security environment and make easy changes by hand.
Let’s Encrypt by default
When adding a domain to the WAF, a Let’s Encrypt SSL certificate will created by default. It will save you install and update SSL certificates at your hosting environment. And of course, this free SSL can also be overruled by your personal/commercial SSL certificate.
Application DDoS protection
Protect against advanced application-layer DDoS (SlowLoris, RUDY and Slow Read attacks) attacks which are different from volumetric DDoS attacks with fingerprinting and IP reputation to identify real request from fake ones. Secure against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists and anomalous idle-time detection.
OWASP Core Rule Set support
The OWASP ModSecurity Top 10 Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The Serverius WAF support many common attack categories like including SQL Injection (SQLi), Cross Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), Remote Code Execution (RCE), PHP Code Injection.
Deploy near your end users around the world.
The Serverius WAF service is a hosted at the Serverius datacenters and many datacenters around the world. By using anycast IP routing any local web request will be inspected locally and re-routed to the shortest path possible.
All worldwide locations included
Every edge location of our global anycast network is included, with no additional charges for using the whole map or any specific region. Our global threat intelligence system will identify global security vulnerabilities and add them to the global WAF policies which will be pushed to all scrubbing centers worldwide.
Destination IP load balancing
Web traffic from the WAF proxy can be forwarded to one or multiple public IP addresses. This allows users to distribute load to multiple hosting resources to maximize their throughput, create redundancy, and avoid overload of any single resource.
You can use many lad balancing types like Round Robin, Weighted Round Robin, Least Connection and Weighted Least Connection. And of course the addition of IP subnets can be set by web interface or API.