add a readme
83
README.md
Normal file
@@ -0,0 +1,83 @@
# Baffle WAF
## Product Positioning
Tagline options:
"Baffle bots. Calm traffic." (playing on both meanings: confuse + quiet)
"Confuse bots. Calm infrastructure."
"Bewilder bots, silence the chaos"
## Target market:
Solo devs/bootstrapped startups (can't afford $249/mo Wafris/Cloudflare)
Privacy-conscious/regulated orgs (data sovereignty requirements)
Self-hosters (infrastructure control enthusiasts)
Cost-sensitive scale-ups (outgrowing free tiers)
## Business Model (Sidekiq-style)
Free (fully functional):
Ruby/Rack edge agent (2-5ms response time)
Local SQLite rules
IP blocking, rate limiting, geoblocking
Manual rule management
Community support
Pro ($99-149/mo):
Go edge agent (performance upgrade)
SSO / multi-team
Centralized hub with traffic analytics
Automated rule generation
Adaptive sampling (manual 0-100% toggle for hub load management)
IP reputation feeds
Priority support
## Key Technical Decisions
Traffic categories:
Blocked - Matched deny rule
Allowed - Matched allow rule (fast-path for whitelisted IPs/APIs)
Unmatched - No rules, passed through
## OWASP approach:
Don't try to compete with ModSecurity's full CRS
Focus on network-layer threats (bots, rate limiting, IP reputation)
Map to OWASP Top 10 where applicable (A05, A07, partial A01/A03)
Position as complementary to app-layer security
### Killer Feature: Performance Visibility
Always-on category timing:
Track latency by rule type (IP checks, rate limits, regex, etc.)
Show real-time impact in dashboard
Let users add rules and immediately see performance cost
"The only WAF that shows you exactly what your rules cost"
Why this matters:
No other WAF does this well
Solves "why is my site slow?" blame game
Empowers users to make informed tradeoffs
Natural deterrent against kitchen-sink rule sets
## Implementation:
Start with category-level timing (always on, minimal overhead)
Users can experiment: add rule → watch latency → remove if too expensive
Can add detailed per-rule profiling later if needed
## Terminology Settled
Rule pruning - removing inactive rules for performance
Violation/pattern match - when traffic triggers a rule
Adaptive sampling - hub telling edges to reduce telemetry load
## Architecture Clarity
Self-hosted only (no SaaS hosting from you):
Edge agents do forward auth with local SQLite
Push telemetry to hub every 10 seconds
Hub analyzes and pushes rules back
Max 20-second gap between violation and rule deployment
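Review bot: the traffic categories under "Key Technical Decisions" (Blocked / Allowed / Unmatched) never say which one wins when a request matches both an allow rule and a deny rule, and because Allowed is described as a "fast-path for whitelisted IPs/APIs" a reader will assume it also skips rate limiting; state the evaluation order explicitly, for example "allow rules are evaluated first and bypass deny rules and rate limits" or the reverse, since that decides whether an allow-listed IP can still be rate limited. Two smaller consistency points: "Adaptive sampling" is a "manual 0-100% toggle" in the Pro feature list but "hub telling edges to reduce telemetry load" under "Terminology Settled", so the README should pick one definition; and the "Max 20-second gap between violation and rule deployment" only follows from the 10-second telemetry push if hub analysis plus the rule push back to edges also completes within the same window, so either note that assumption or document the rule distribution interval. Finally, since "Edge agents do forward auth with local SQLite", the architecture section should say whether the agent fails open or fails closed when the agent or its SQLite rules database is unavailable, because that is the property an operator putting it in front of production traffic needs to know first.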