Baffle-WAF/.profile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
900e1534b6b41c5a3f8b071e8636bff248c5ea2e
.profile/README.md
Dan Milne 900e1534b6 add a readme
2025-11-08 10:35:37 +11:00

2.4 KiB
Raw Blame History

Baffle WAF

Product Positioning

Tagline options:

"Baffle bots. Calm traffic." (playing on both meanings: confuse + quiet) "Confuse bots. Calm infrastructure." "Bewilder bots, silence the chaos"

Target market:

Solo devs/bootstrapped startups (can't afford $249/mo Wafris/Cloudflare) Privacy-conscious/regulated orgs (data sovereignty requirements) Self-hosters (infrastructure control enthusiasts) Cost-sensitive scale-ups (outgrowing free tiers)

Business Model (Sidekiq-style)

Free (fully functional):

Ruby/Rack edge agent (2-5ms response time) Local SQLite rules IP blocking, rate limiting, geoblocking Manual rule management Community support

Pro ($99-149/mo):

Go edge agent (performance upgrade) SSO / multi-team Centralized hub with traffic analytics Automated rule generation Adaptive sampling (manual 0-100% toggle for hub load management) IP reputation feeds Priority support

Key Technical Decisions

Traffic categories:

Blocked - Matched deny rule Allowed - Matched allow rule (fast-path for whitelisted IPs/APIs) Unmatched - No rules, passed through

OWASP approach:

Don't try to compete with ModSecurity's full CRS Focus on network-layer threats (bots, rate limiting, IP reputation) Map to OWASP Top 10 where applicable (A05, A07, partial A01/A03) Position as complementary to app-layer security

Killer Feature: Performance Visibility

Always-on category timing:

Track latency by rule type (IP checks, rate limits, regex, etc.) Show real-time impact in dashboard Let users add rules and immediately see performance cost "The only WAF that shows you exactly what your rules cost"

Why this matters:

No other WAF does this well Solves "why is my site slow?" blame game Empowers users to make informed tradeoffs Natural deterrent against kitchen-sink rule sets

Implementation:

Start with category-level timing (always on, minimal overhead) Users can experiment: add rule → watch latency → remove if too expensive Can add detailed per-rule profiling later if needed

Terminology Settled

Rule pruning - removing inactive rules for performance Violation/pattern match - when traffic triggers a rule Adaptive sampling - hub telling edges to reduce telemetry load

Architecture Clarity

Self-hosted only (no SaaS hosting from you):

Edge agents do forward auth with local SQLite Push telemetry to hub every 10 seconds Hub analyzes and pushes rules back Max 20-second gap between violation and rule deployment

Reference in New Issue View Git Blame Copy Permalink