A CNCF Sandbox Project

Robust defenses

automated protection

  • HTTP Filtering

    Protects all forms of web traffic: sites, apps, services, and APIs. Includes WAF, L7 DDoS, bot mitigation, and more.

  • Automation

    Auto-updates security policies as the threat environment changes.

  • Granular

    Allows security profiles to be applied at any scale, from entire domains to individual URLs.

For developers, by developers

security platform

  • Supports DevOps/IaC/GitOps
  • Driveable by UI, cURL, and Swagger
  • Configurations are imported/exported in JSON/YAML
  • All data and configurations versioned in Git
  • Supports branched environments (e.g., Prod/Devops/QA)

Platform agnostic

Runs anywhere

Deployment options include Docker Compose, Helm chart, and Terraform, with more on the way.

Web security for servers, service meshes, load balancers, and more

Fully integrated with NGINX and Envoy Proxy

NGINX is the most popular web server in the world, and is widely used for other purposes as well. Curiefense adds built-in traffic filtering to NGINX environments.

Curiefense also attaches directly to Envoy Proxy, and can be used anywhere Envoy runs: as a service mesh sidecar, ingress gateway, reverse proxy, load balancer, or other uses.

Logs, dashboards, and alerts

Real-time traffic data

All details (headers and payloads) of all requests are available for display. Curiefense includes Grafana dashboards out of the box, or use your own visualization framework.

Security baked into your environment

Maximum privacy and performance

Curiefense moves your security back into your network.

  • Eliminates third-party access to your data and metrics.
  • Avoids third-party latency and costs.
  • No traffic or data is decrypted outside your perimeter. Compliance is a breeze.


What our users are saying

“At eCG protection consumer data in priority #1, today I can sleep a bit easier at night knowing it is there fighting bad bot traffic in defense of our sites and consumers.”
James Bynoe — Head of Information Security & Compliance @ ebay
“Curiefense’s tight integration with Envoy and will allow for rapid iteration and robust collaboration on this critical component, .. and evolve the status quo in OSS WAF solutions.”
Matt Klein — Creator of Envoy
“What Curiefense brings is that historical ability of Web Application Firewall to the new frontier within a microservices stack.”
Chris Ferreira — Sr. Cloud Platform Architect | Sr. Technical Leader @ Cisco

Created by

Reblaze, the cloud native security company