DEV Community

Cover image for Acra. Features: Database request firewall
Cossack Labs
Cossack Labs

Posted on

Acra. Features: Database request firewall

Like in real life, the more coping strategies people have, the bigger opportunities and less friction on their way to the goals they have. So we equipped Acra database security suite with proactive measures against suspicious and malicious database queries.

Use Acra Community Edition for free. Check out Acra Enterprise Edition tailored for solutions with high security requirements.

6️⃣ AcraCensor—Acra Database Firewall

Acra Database Firewall (aka AcraCensor) is an SQL firewall module for Acra that checks every incoming SQL request. AcraCensor logs SQL requests directed to the database, allows and denies those requests according to the rule list you’ve configured.

💡 AcraCensor can be configured for your exact use case, allowing you to set up an allowlist and a denylist for particular tables, columns within a table, regex query patterns, or exact queries.

Database Firewall. Acra by Cossack Labs

Depending on your security goals, AcraCensor can react in different ways: reject the query with error, provide forged data in response, or even shut down the whole Acra cluster.

AcraCensor's goal is to protect the database from SQL injections and suspicious SQL queries. It is compatible with SIEM systems, providing logs that can be used for alerts' configuration and anomaly detection.

AcraCensor is a SQL firewall, which works on a different level than web application firewall (WAF), but they can work together. Read more about the difference between SQL firewalls and WAFs in our blog.

🔥 Defense-in-depth requires multi-vector attention efforts. And when in a big game you open new ways, we provide our security multi-tools to cover you from threats.

Top comments (0)