Secure Your Services

Curiefense is the open source cloud native application security platform that protects all forms of web traffic, services, and APIs. It includes bot management, WAF, application-layer DDoS protection, session profiling, advanced rate limiting, and much more.

Curiefense is integrated with NGINX and Envoy proxy. It blocks hostile traffic from sites, services, microservices, containers, service meshes, and more.

Get Started

View Video

A CNCF Sandbox Project

Robust defenses

Comprehensive,
automated protection

  • HTTP Filtering

    Protects all forms of web traffic: sites, apps, services, and APIs. Includes WAF, L7 DDoS, bot mitigation, and more.

  • Automation

    Auto-updates security policies as the threat environment changes.

  • Granular

    Allows security profiles to be applied at any scale, from entire domains to individual URLs.

For developers, by developers

API-first
security platform

  • Supports DevOps/IaC/GitOps
  • Driveable by UI, cURL, and Swagger
  • Configurations are imported/exported in JSON/YAML
  • All data and configurations versioned in Git
  • Supports branched environments (e.g., Prod/Devops/QA)

Platform agnostic

Runs anywhere

Deployment options include Docker Compose, Helm chart, and Terraform, with more on the way.

Web security for servers, service meshes, load balancers, and more

Fully integrated with NGINX and Envoy Proxy

NGINX is the most popular web server in the world, and is widely used for other purposes as well. Curiefense adds built-in traffic filtering to NGINX environments.

Curiefense also attaches directly to Envoy Proxy, and can be used anywhere Envoy runs: as a service mesh sidecar, ingress gateway, reverse proxy, load balancer, or other uses.

Logs, dashboards, and alerts

Real-time traffic data

All details (headers and payloads) of all requests are available for display. Curiefense includes Grafana dashboards out of the box, or use your own visualization framework.


Security baked into your environment

Maximum privacy and performance

Curiefense moves your security back into your network.

  • Eliminates third-party access to your data and metrics.
  • Avoids third-party latency and costs.
  • No traffic or data is decrypted outside your perimeter. Compliance is a breeze.

Endorsements

What our users are saying

“At eCG protection consumer data in priority #1, today I can sleep a bit easier at night knowing it is there fighting bad bot traffic in defense of our sites and consumers.”
James Bynoe — Head of Information Security & Compliance @ ebay
“Curiefense’s tight integration with Envoy and will allow for rapid iteration and robust collaboration on this critical component, .. and evolve the status quo in OSS WAF solutions.”
Matt Klein — Creator of Envoy
“What Curiefense brings is that historical ability of Web Application Firewall to the new frontier within a microservices stack.”
Chris Ferreira — Sr. Cloud Platform Architect | Sr. Technical Leader @ Cisco

Created by

Reblaze, the cloud native security company

Curiefense is named in honor of the famous scientist Marie Curie. The first version was developed in Malakoff, France, a few hundred meters from her home and laboratory. Curiefense was originally created by Reblaze.

© Curiefense Contributors 2020-2021
Edit This Page
© 2021 The Linux Foundation. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks.
For a list of trademarks of The Linux Foundation, please see our Trademark Usage page.