Skip to main content

11 docs tagged with "security"

View all tags

Anomaly Scoring

Combine weak signals from multiple engines into one collaborative per-request score and block only when the total crosses a policy threshold.

Building a Configuration

Author a WAF config in the two-pane editor — directive sets, the lint badge, CRS setup and demo includes, starter presets, the template builder, per-authority routing, metric labels, and the live .conf preview.

CRS Rule Library

Browse the bundled OWASP Core Rule Set — filter by version, severity, phase, paranoia level, and tags; inspect rule detail; add rules or whole files in bulk.

Get Started with Shield

Write, deploy, and verify your first Shield policy in about 10 minutes — starting safely in detect mode.

How Shield Works

The request pipeline, header vs body phases, the five engine rules, always-on body protections, the source-IP trust model, and atomic hot reload.

Security Model

Elchi's security posture in one place — identities and secrets, per-wire trust, RBAC and audit as controls, hardening, and what is encrypted or at rest.

Shield: API Security Overview

Elchi Shield is a local Envoy ext_proc API-security and WAF sidecar — 12 security engines enforced entirely on the edge host, configured by files, hot-reloaded atomically.

Versioning & Restore

Every WAF save is snapshotted — browse the History tab, diff any version against the current state, and restore a prior version in one click.

WAF Overview

Elchi's standalone WAF — Coraza with the OWASP Core Rule Set, authored in the UI and delivered to Envoy as a WASM filter through the xDS snapshot.

WAF Studio — Custom Rules & Tuning

The guided rule-building experience — write custom SecLang, exclude and tune CRS rules, set paranoia and anomaly thresholds, and stay within the WASM runtime's limits.

Your Profile

Self-service account management in Elchi — change your email and password, and enable or manage two-factor authentication for your own account.