Portable WAF
The Portable WAF sits in front of your web app as a reverse proxy and inspects every request, blocking the classic web attacks before they ever reach your backend — no code changes required.
- Category: Defense & Hardening
- Powered by: built-in reverse proxy + rule engine
- Edition: Pro
- Where: Desktop → WAF tab
What it does
You put the WAF between the internet and your application. It terminates the connection, inspects each request against its ruleset, blocks anything malicious, and forwards the rest to your real server.
- Attack blocking — SQL injection, XSS, path traversal, command injection.
- Rate limiting — throttle abusive clients.
- Virtual hosts — protect multiple sites from one WAF.
- TLS termination — serve HTTPS and proxy to an HTTP backend.
How to use it
1. Point the WAF at your app. Configure the upstream (your real web server) and the port the WAF should listen on. Add a virtual host per site if needed.
2. Start it. The WAF begins proxying and filtering. Blocked requests are logged with the rule that caught them.
3. Manage it live. From the UI you can check status, read or clear the logs, and add/remove vhosts and rules without restarting from scratch.
WAF controls (also available to the engine)
waf # start the reverse proxy
waf_status # is it running, and on which ports
waf_logs # blocked requests + the rule that matched
waf_stop # stop the proxy
What you get
A working application firewall in front of your site, plus a log of exactly what it blocked and why. It complements detection: the WAF stops attacks inline, while the SecOps SIEM/rule engine records and correlates them.
Tips
- Test in monitor/low-risk mode against staging first to tune out false positives.
- Use TLS termination here so your backend can stay plain HTTP on a private network.
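The monitor-mode tuning from the first tip, sketched as an added example (not the product's code or ruleset): it replays known-good staging requests and reports which rules would have blocked them. The rule names, regexes, mode names and sample requests are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Illustrative rules (assumption): the product's real ruleset and rule
# syntax are not shown on this page.
RULES = {
    "sqli-keyword": re.compile(r"(?i)\b(select|union|drop)\b.+\b(from|table)\b"),
    "sqli-quote": re.compile(r"'"),
    "path-traversal": re.compile(r"\.\./"),
    "xss-tag": re.compile(r"(?i)<\s*script"),
}

# Constructed staging traffic; every request here is legitimate.
BENIGN_REQUESTS = [
    "GET /search?q=select+a+plan+from+the+list",
    "POST /signup name=Conan+O%27Brien",
    "GET /docs/guide/../index.html",
    "GET /products?id=42",
    "POST /comment body=How+do+I+add+a+script+tag%3F",
]

def evaluate(request, mode="monitor"):
    """Return (action, matched rule names). Monitor mode records matches but always forwards."""
    decoded = unquote_plus(request)  # inspect the decoded form, as the backend will see it
    hits = [name for name, rx in RULES.items() if rx.search(decoded)]
    action = "block" if hits and mode == "block" else "forward"
    return action, hits

def false_positive_report(requests):
    """Count, per rule, how many known-good requests it would have blocked."""
    counts = Counter()
    for req in requests:
        _, hits = evaluate(req, mode="monitor")
        counts.update(hits)
    return counts

def rules_to_tune(requests, max_false_positives=0):
    """Rules to tighten or scope down before switching to block mode."""
    report = false_positive_report(requests)
    return sorted(name for name, n in report.items() if n > max_false_positives)

if __name__ == "__main__":
    for rule, n in false_positive_report(BENIGN_REQUESTS).most_common():
        print(f"{rule}: {n} legitimate request(s) would be blocked")
    print("tune before enforcing:", rules_to_tune(BENIGN_REQUESTS))
```

The bare-quote, keyword and traversal rules each fire on ordinary traffic here, while the tag rule stays quiet on a comment that merely mentions scripts; that difference is what a monitor-mode run against staging is meant to surface.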
A shield in front, not a patch. The WAF buys you time and blocks the obvious attacks, but it is defense-in-depth — keep fixing the underlying vulnerabilities the Vulnerability Scanner finds.