Web Application Firewall
The creoline WAF is currently in the closed beta phase. Therefore, setup is only possible through our new customer center. Due to active development, some features of the creoline WAF are only available to a limited extent.
Introduction
With the creoline WAF, we provide a highly available and dynamic web application firewall that acts as a reverse proxy in front of your web server.
How It Works
The creoline WAF acts as a reverse proxy in front of your web server and forwards incoming traffic directly to your server. The major advantage over conventional web application firewalls is that the entire decision-making process takes place before the traffic reaches your server. Our decision engine requires only 5 ms to make a decision, which ensures an optimal TTFB (Time To First Byte) for your web server.
Features & Plans
| Feature | Basic | Pro | Enterprise |
|---|---|---|---|
| | Free (Beta) | €49.00 / month | €149.00 / month |
| Origin Shielding | ✅ | ✅ | ✅ |
| Bot Protection | ✅ | ✅ | ✅ |
| AutoSSL | ✅ | ✅ | ✅ |
| Real-Time Threat Protection | ✅ | ✅ | ✅ |
| Rate Limits | ✅ | ✅ | ✅ |
| Custom Rules | ✅ | ✅ | ✅ |
| GEO Blocking | ✅ | ✅ | ✅ |
| Custom Challenge Page (Coming soon) | | ✅ | ✅ |
| Directory Protection (Coming soon) | | ✅ | ✅ |
| Waiting Rooms (Coming soon) | | | ✅ |
| Upstream Load Protection (Coming soon) | | | ✅ |
| White Label (Coming soon) | | | ✅ |
Features
Origin Shielding
Origin Shielding hides the IP address of your upstream server, preventing attackers from determining your server’s actual IP address.
Bot Protection
HTTP requests from bots are handled separately. Benign bots, such as GoogleBot, are automatically allowed through. Malicious bots are automatically blocked.
AutoSSL
Using the creoline WAF completely eliminates the need to issue and renew SSL certificates yourself. The WAF automatically issues certificates for your domains and renews them before they expire.
Real-Time Threat Protection
Real-Time Threat Protection automatically blocks common attacks such as path traversal, access to hidden files, SQL injection, and XSS attacks.
Rate Limits
HTTP requests are categorized and assigned rate limits based on their category. By default, the system distinguishes between static and dynamic requests, enabling targeted rate limits.
Custom Rules
Create your own rules to automatically allow or block requests based on various criteria.
GEO Blocking
Block individual countries or entire continents with just a few clicks via the central management interface.
Custom Challenge Page
Design your own challenge page to display your company’s logo to visitors right in the JavaScript challenge.
Directory Protection
With directory protection, you can separately secure specific paths within your web application. For example, access to paths such as /admin can be further secured.
Waiting Rooms
Large-scale marketing campaigns no longer result in 504 Gateway Timeout errors. Our Waiting Room technology measures your web application’s response time in real time. If the response time falls below your specified threshold, additional visitors are automatically redirected to a waiting room.
Upstream Load Protection
With Upstream Load Protection, you can protect your web server from large-scale attacks. If the average response time falls below a value you define, further requests are automatically rejected.
White Label
With the White Label option, you can hide all references and information about the creoline WAF so that visitors cannot tell which WAF technology you are using.