Capabilities and more

The features and benefits of Curiefense.

What it does, and how it does it.

Comprehensive web security

A fully operational system that is free, open source, and extensible.

Curiefense provides multiple security technologies encapsulated into a single platform, protecting against a wide range of threats.

Web Application Firewall

Curiefense’s full-featured WAF protects against the OWASP Top 10 and many other threats:

  • Negative security features (signatures, block-listing, etc.) exclude known threats.
  • Positive security features (input validation, schema enforcement, etc.) exclude anomalies and zero-days.
  • The platform has capabilities that are not offered by many commercial solutions, including content filtering, payload inspection, behavioral profiling, and more.

Application-Layer DDoS Protection

Curiefense defends against layer 7 DoS/DDoS at all scales, from massive DDoS botnet assaults to single malformed-packet DoS attempts.

Advanced Rate Limiting

Curiefense provides rate-limiting capabilities, definable at any scope (from globally down to individual URLs). Traffic sources are blocked when their requests exceed predefined limits. This mechanism has a wide variety of beneficial uses, including:

  • Prevention of account takeover attacks (credential stuffing, credential discovery, etc.)
  • Prevention of other brute-force threats, e.g. payment card validation
  • Detecting anomalies, e.g. a single user changes geolocation multiple times
  • Blocking inventory denial attacks
  • And more

API Security

APIs and services are protected with the full range of capabilities that are applied to web applications. The only exceptions are techniques which do not apply to APIs, such as browser environment verification.

Curiefense also has additional capabilities that apply only to APIs and services, such as schema enforcement.


  • Curiefense can be deployed and controlled via web console, REST API, and/or a CLI tool.
  • JSON or YAML configuration format
  • Git versioning as the configuration storage engine
  • Support for environment branching (e.g., prod/devops/qa)

Logging and Real-Time Reporting

Curiefense logs and reports all details (headers, payloads, tags, disposition, etc.) of all requests. Out of the box, it includes Prometheus metrics and Grafana dashboards. Users can customize these, or can swap in their own reporting and visualization frameworks.

Threat Feeds

Curiefense consumes external threat feeds (e.g., IP reputation), auto-updating its security posture as the threat environment evolves. Weekly updates are included for IP reputation, ASNs, etc.