Signando HTTP
The Application Layer Gateway that protects web applications through deep packet inspection, input validation, and BSI IT-Grundschutz compliant security controls.
What is Signando HTTP?
Signando HTTP is an Application Layer Gateway (ALG) that sits between your clients and your web applications. Unlike traditional WAFs that try to block known malicious patterns, Signando HTTP only allows what is explicitly defined in your security policy.
It is suited to organizations that need to protect web applications without modifying their backend code. Signando HTTP provides:
- Path whitelisting - only explicitly allowed paths are accessible
- Attack detection - SQL injection, XSS, path traversal, command injection
- Form validation - type, format, and length validation
- BSI IT-Grundschutz compliance out of the box
Technical Specifications
| Property | Value |
| --- | --- |
| Language | 100% Rust |
| Architecture | Mini / Small / Full |
| TLS | TLS 1.2/1.3 termination |
| Configuration | YAML policy files |
| Compliance | BSI IT-Grundschutz |
| Deployment | Docker / Kubernetes |
The Paranoid Approach
Allowlist Instead of Blocklist
Unlike traditional WAFs that try to block known malicious patterns, Signando HTTP only allows what is explicitly defined in your policy. Everything else is rejected.
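The default-deny evaluation described above, sketched as an added Rust example that is not Signando HTTP's code or policy format. The `Kind`, `Field` and `Route` types, the `/orders` route and the sample requests are hypothetical and constructed for illustration.

```rust
// Hypothetical default-deny check; types and rule layout are assumptions
// for illustration, not Signando HTTP's policy schema.
use std::collections::HashMap;

enum Kind { Integer, Slug } // Slug: ASCII letters, digits, '-' and '_'
struct Field { kind: Kind, max_len: usize }
struct Route { method: &'static str, path: &'static str, fields: HashMap<&'static str, Field> }

// Type and length validation for one declared parameter.
fn value_ok(f: &Field, v: &str) -> bool {
    if v.is_empty() || v.len() > f.max_len { return false; }
    match f.kind {
        Kind::Integer => v.bytes().all(|b| b.is_ascii_digit()),
        Kind::Slug => v.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_'),
    }
}

/// Ok(()) only if the method, the exact path and every parameter are declared.
fn check(policy: &[Route], method: &str, path: &str, params: &[(&str, &str)]) -> Result<(), String> {
    let route = policy.iter()
        .find(|r| r.method == method && r.path == path)
        .ok_or_else(|| format!("no rule for {method} {path}"))?;
    for (name, value) in params {
        let field = route.fields.get(*name)
            .ok_or_else(|| format!("undeclared parameter {name}"))?;
        if !value_ok(field, value) {
            return Err(format!("parameter {name} fails type or length check"));
        }
    }
    Ok(())
}

// Constructed sample policy: one route with two declared parameters.
fn sample_policy() -> Vec<Route> {
    let mut fields = HashMap::new();
    fields.insert("id", Field { kind: Kind::Integer, max_len: 6 });
    fields.insert("tab", Field { kind: Kind::Slug, max_len: 16 });
    vec![Route { method: "GET", path: "/orders", fields }]
}

fn main() {
    let policy = sample_policy();
    // Constructed sample requests: one allowed, two rejected.
    println!("{:?}", check(&policy, "GET", "/orders", &[("id", "1042"), ("tab", "open")]));
    println!("{:?}", check(&policy, "GET", "/admin", &[]));
    println!("{:?}", check(&policy, "GET", "/orders", &[("id", "10-42")]));
}
```

Nothing in the check looks for known-bad patterns: a request is rejected because no rule admits it, so an undeclared path, method or parameter fails the same way as a malformed value.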
Deep Packet Inspection
Every HTTP request is thoroughly inspected at the application layer. Headers, query parameters, form data, and cookies are all validated.
BSI Compliance
Built-in compliance with BSI IT-Grundschutz requirements. Security headers, cookie security, and error sanitization are included.
Deployment Architectures
Choose the architecture that fits your security requirements.
Mini
Single binary deployment for development and small workloads.
- Single process
- All validation in one binary
- Lowest resource usage
- Perfect for testing
Small
Two-process architecture with request/response separation.
- Frontend + Validator processes
- NATS messaging
- Standard isolation
- Production ready
Full
Four-process architecture with maximum isolation.
- 4 isolated processes
- 4 separate NATS instances
- Strong network isolation
- High-security environments
BSI IT-Grundschutz Compliance
Built-in compliance with the requirements of the German Federal Office for Information Security (BSI).
APP.3.2.A11 - TLS Termination
Full TLS 1.2/1.3 support with configurable cipher suites. Modern cryptographic standards enforced.
APP.3.1.A21 - Security Headers
Automatic injection of CSP, HSTS, X-Frame-Options, X-Content-Type-Options headers.
APP.3.2.A12 - Error Sanitization
Removes stack traces, SQL errors, and internal IPs from error responses.
APP.3.1.A20 - Form Validation
Type, format, and length validation for all form fields with security checks.
Ready to Protect Your Web Applications?
Download the free version or contact us for enterprise solutions.