Your infrastructure,shielded.
DDoS mitigation. 11-module WAF. Country-level blocking. Deploy once, protect everything.
27M+
Requests / second
99.99%
Uptime SLA
<10s
Auto-scale under attack
11×
WAF detection modules
DDoS Mitigation
11-Module WAF
Country-Level Blocking
Neural Network Engine
Proof-of-Work Challenges
MITRE ATT&CK Tagging
Rate Limiting
Dark Web Intelligence
Auto TLS
ASN Filtering
IP Reputation Scoring
Zero-Day Defense
DDoS Mitigation
11-Module WAF
Country-Level Blocking
Neural Network Engine
Proof-of-Work Challenges
MITRE ATT&CK Tagging
Rate Limiting
Dark Web Intelligence
Auto TLS
ASN Filtering
IP Reputation Scoring
Zero-Day Defense
Request Pipeline
Every request
interrogated.
Nine sequential stages. Threats are filtered before traffic reaches your origin. Trusted visitors move through faster automatically.
Internet → Cloudflare (Anti-DDoS) → Valtrix
01GeoIP enrichment (country, city, ASN)
Tag every request with country, city, region, ASN, and org before the rest of the pipeline runs.
02IP whitelist fast-pathskip all
Known-good IPs bypass the remaining checks and head straight toward your origin. HMAC-signed trust tokens with configurable TTL.
03IP blacklist check403
Known-bad IPs are blocked immediately with a 403. No further processing. Powered by rolling reputation scores.
04Crawler / bot filteringchallenge
Suspicious user-agents and headless fingerprints are challenged instead of hitting your application.
05Trust token verificationpromote
Valid HMAC cookies show the visitor already passed a challenge, promote to trusted, and skip heavier abuse controls.
06CC flood defensechallenge
Path-level sliding window: when an endpoint is under flood, untrusted visitors on that path are challenged.
07Rate limiting (3-tier sliding window)challenge
Per-IP, per-URI, and per-domain windows in one Redis round-trip. Escalates: challenge → block → drop.
08WAF inspection (11 modules)≥0.8 block
Payload decoded through multiple layers, then eleven modules inspect. Confidence 0.5-0.8 challenges; ≥0.8 blocks. See how the eleven modules work
09Behavioral reputation + auto-PoWauto
Rolling per-IP reputation: below the trust threshold, visitors are challenged. SHA-256 proof-of-work can activate automatically when load crosses your threshold.
Valtrix → Origin
block
challenge
skip / promote
waf
Web Application Firewall
11 modules.
Nothing gets through.
Every payload decoded through four layers before any module inspects it. Double-encoding, null bytes, mixed encoding. All stripped first. Each module returns a confidence score. Only high-confidence threats are blocked. Your real users are never affected.
Input
Raw Payload
Layer 1
URL Decode
Layer 2
Base64 Decode
Layer 3
Unicode Decode
Layer 4
Hex Decode
Inspect
11 Modules
Confidence scoring, not guesswork
0.0: Allow0.5: Challenge0.8: Block
MOD-01 / sqli
SQL Injection
Tokenization-based. UNION, blind, time-based, stacked queries, comment evasion.
MOD-02 / xss
Cross-Site Scripting
HTML-aware parser. Script tags, event handlers, javascript: URIs, SVG payloads.
MOD-03 / cmdi
Command Injection
Chaining operators, system commands, subshell execution, env variable access.
MOD-04 / traversal
Path Traversal
../ sequences, null byte injection, OS-specific paths.
MOD-05 / ssrf
SSRF
Private IPs, cloud metadata endpoints (AWS/GCP/Azure), DNS rebinding.
MOD-06 / exploits
Known Exploits
Log4Shell, Shellshock, Spring4Shell, XXE, LDAP, SSTI, deserialization.
MOD-07 / phpi
PHP Injection
50+ dangerous functions, stream wrapper attacks, object injection chains.
MOD-08 / spam
SEO Spam
Hidden link injection, CSS cloaking, pharma keywords, URL stuffing.
MOD-09 / crs
CRS 4.x Rules
200+ rules from ModSecurity Core Rule Set. Protocol, smuggling, LFI, RFI, RCE.
MOD-10 / extended
Extended Rules
Scanner fingerprinting: nmap, nikto, sqlmap, 20+ tools. Recon probe detection.
MOD-11 / ml / Zero-day defense
Neural Network Engine
32-feature extraction. 4-layer feedforward (32→64→32→16→8). 8 attack classes. Learns continuously from clean traffic via online backpropagation. Shannon entropy, bigram anomaly scoring, per-IP behavioral tracking.
11
Detection modules
200+
CRS rules
4
Decode layers
32
NN features
0.8
Block threshold
Country-Level Control
Block entire nations.
Allow only what you trust.
+ others, challenged
Country blocking
Block or allow entire countries in a single rule, applied before any other inspection. Zero origin load from blocked regions.
ASN filtering
Block entire autonomous systems: datacenters, VPS providers, and known hosting ranges favored by bots.
Custom rule engine
Match on country, ASN, IP, URI, header, method, body, or cookie. Combine conditions freely. Pre-compiled regex, zero-allocation hot path.
GeoIP on every request
Country, city, region, ASN, and org tagged before the pipeline runs. Full geo distribution in the dashboard.
MITRE ATT&CK
Every attack
classified.
22
technique IDs mapped
across the full ATT&CK matrix
across the full ATT&CK matrix
Dashboard
▶Top MITRE techniques
▶Tactic distribution
▶Severity breakdown
▶7-day attack trend
▶Geo origin distribution
T1190
Initial Access
SQLi, XXE, LDAP, deserialization, CVEs
T1059
Execution
Code injection, command injection
T1059.004
Execution
Unix shell commands (CMDi)
T1059.007
Execution
JavaScript injection (XSS)
T1221
Execution
Template injection (SSTI)
T1083
Discovery
Path traversal, information leaks
T1090
C2
SSRF
T1505.003
Persistence
Web shell indicators
T1110
Cred. Access
Brute force
T1595
Recon
Bot abuse, active scanning
T1595.002
Recon
Vuln scanning: nmap, nikto, nuclei
T1498
Impact
Network DDoS / CC floods
T1499.001
Impact
Application-layer floods
ValtrixIntel
See your exposure
before attackers do.
01 / 06
Credential Leaks
Stealer log databases searched for credentials matching your domain.
02 / 06
Email Exposure
Wildcard search across breach databases for leaked employee accounts.
03 / 06
Risk Score
Calculated risk assessment across all 6 intelligence sources, ranked by severity.
04 / 06
Subdomain Discovery
DNS enumeration surfaces forgotten or exposed assets before attackers find them.
05 / 06
Telegram Monitoring
Underground Telegram channels scanned for mentions of your domain.
06 / 06
Forum Monitoring
Clearnet and underground forums monitored. Live CVE feed with CVSS scores included.
More capabilities
Beyond these six checks
Watchdog monitoring, machine-level stealer logs, and continuous exposure visibility. See the full ValtrixIntel surface area.
Deploy in minutes
Stop attacks before
they reach you.
Reverse proxy, DDoS mitigation, 11-module WAF, country-level blocking, and dark web intelligence in one platform.
$ valtrix proxy add --domain api.yourapp.com
→ Provisioning TLS certificate...
→ Activating WAF (11 modules)...
→ Enabling GeoIP blocking...
✓ Protected. Pipeline active.