Web Application Firewall

The Serverius Web Application Firewall is a cloud based protection system. Currently it is developed by Serverius its own R&D department and users can use it for free.

Because of the current development of the Serverius WAF, most basic features like OWASP rules, load balancing, rate limiting etc are working perfectly but some other are still in development. Therefore we say our WAF is still in Beta, usable for anyone who want to give it a try.

High performance by technology

The Serverius WAF is build in 2019 and us running on a scalable datacenter Kubernetes / Docker cluster environment. No commercial or Open Source software is used, it’s 100% coded by Serverius its own R&D department using Google its programming language GO which allows multiple processes running simultaneously and therefore handles up to billions of concurrent requests per second! This way we can guarantees ultra-low latency web request parsing. Everything is physical hosted on dedicated and private Serverius hardware, no public cloud environments are used.

Because of its scalable infrastructure design and its underlying Serverius CPU/GPU Compute resources, the WAF will be dynamically add hardware resources when it’s needed. This way the low latency product will always be guaranteed.

Serverius waf docker kubernetes cluster

API first

The WAF has been developed by a “API first” principle, which means that all available functionality is offered by https://api.serverius.net. And also a full featured web interface is offered at the Serverius client panel: https://my.serverius.net. This way organizations can easily integrate the WAF into their infrastructure, let the WAF be part of their own security environment and make easy changes by hand.

Web application Firewall API

Let’s Encrypt by default

When adding a domain to the WAF, a Let’s Encrypt SSL certificate will created by default. It will save you install and update SSL certificates at your hosting environment. And of course, this free SSL can also be overruled by your personal/commercial SSL certificate.

OWASP Core Rule Set support

The OWASP ModSecurity Top 10 Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The Serverius WAF support many common attack categories like including SQL Injection (SQLi), Cross Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), Remote Code Execution (RCE), PHP Code Injection.

Load balancing

Web traffic from the WAF proxy can be forwarded to one or multiple public IP addresses. This allows users to distribute load to multiple hosting resources to maximize their throughput, create redundancy, and avoid overload of any single resource.

White label: using your own private IP subnets

The WAF can be used with Serverius IP space or Serverius name servers or your private IP space. This unique functionality allow ISP an cloud providers to use the Web Application Firewall and DDoS protection as a white label service.

Are you missing some feature?

Every day the Serverius R&D department is working on new features and functionality. Evey two weeks new features are launched. If you are missing a feature you can let us know by emailing to feature@serverius.net. Normally it will take a few weeks to deliver your demands, so it’s worth to let us know.

Real life example

For privacy reasons Serverius is not allowed to show real-life examples of our users. But Serverius itself started the Sercurius project to everyone a real example of what people can build with Serverius its API functionality.

Sercurius uses the DDoS protection, advanced Layer 7 protection, the basic WAF functionality and the online application scanners. All by the same API functionality which every Serverius customer can use.

What started as a joke quickly turned into a popular web security platform where people with a single website can secure their website for free.

Visit https://sercurius.net