Web FirewallLayer 7 inspectionManaged rulesOrigin shield

Inspect therequest beforeit touches code.

Forgeon Web Firewall filters malicious HTTP traffic with managed rules, custom policies, payload inspection, header checks, and origin-safe decisions before requests reach your runtime.

Threats blocked

18.9k

Rules active

124

Origin hits saved

72%

Inspection wall

request → rules → verdict

block

POST /api/login

SQL injection

The request contains a classic boolean SQL injection pattern targeting an authentication endpoint.

96

risk score

SQLi tautology patternauth route sensitivitypayload anomaly
SQLiXSSPath traversalCommand injectionBad bot probeSuspicious headersUnsafe methodsOrigin bypassWebhook abuseCredential attackSQLiXSSPath traversalCommand injectionBad bot probeSuspicious headersUnsafe methodsOrigin bypassWebhook abuseCredential attackSQLiXSSPath traversalCommand injectionBad bot probeSuspicious headersUnsafe methodsOrigin bypassWebhook abuseCredential attack

Request simulator

Try a request. Watch the firewall judge it.

Web Firewall looks at more than an IP address. It inspects route, method, headers, query string, body shape, payload signatures, and route sensitivity before forwarding traffic.

request.replay

POST /api/login
content-type: application/json

{"email":"admin' OR '1'='1", "password":"test"}

Inspection pipeline

normalize → match → decide → record

01

Normalize

Decode URL, headers, method, body shape, and route context so the request can be inspected consistently.

parse
02

Match

Compare request fields against managed signatures, custom rules, route policies, and suspicious payload patterns.

rules
03

Decide

Allow, log, challenge, rate-limit, or block before the request reaches your runtime or origin service.

verdict
04

Record

Attach firewall events to logs and observability so blocked traffic has a visible trail.

audit

Layer 7 protection

The firewall understands HTTP, not just traffic volume.

Network-level blocking is not enough for modern apps. Web Firewall looks at application-layer patterns: routes, payloads, headers, methods, and attack signatures that target your actual endpoints.

Rule engine

Start managed. Tune per app.

Use managed protections for common threats, then add your own route policies for admin paths, webhooks, auth flows, APIs, and expensive runtime endpoints.

Managed protection rules

Start with common web attack protections for SQL injection, XSS, path traversal, command injection, bad methods, and suspicious payloads.

RuleTargetAction

SQL injection signatures

body + query

block

Cross-site scripting

body + params

challenge

Path traversal probes

url path

block

Command injection markers

body

block

Firewall event stream

click an event to inspect

live

Firewall trail

Blocked traffic should leave evidence, not mystery.

Every decision should be visible: which request matched, which rule fired, what action happened, and whether the request was blocked, challenged, logged, or forwarded.

selected event · 12:40:02

SQL injection signature blocked

Route /api/login produced action block after rule inspection.

Protection surface

Your app should not be the first thing reading hostile input.

01

Payload inspection

Look inside query strings, request bodies, paths, methods, and headers before traffic reaches application code.

02

Managed rules

Start with battle-tested patterns for common web attacks instead of writing every rule from scratch.

03

Custom route policy

Give sensitive endpoints stricter treatment than public pages, previews, or static routes.

04

Origin shielding

Stop suspicious traffic at the edge of your app so runtime services do not pay the price.

Web Firewall

Put the rule engine before the runtime.

Inspect web traffic, block common attacks, protect sensitive routes, shield origin, and keep hostile requests away from the code that runs your product.

request → inspect → rule match → verdict