Home // How it works

How Mithril works

How it works

Mithril is a Web Application and API protection as a Service.

It works as a reverse proxy, and it receives all web traffic for your website or web application and checks for attacks or bad bots. It can protect your website from a lot of attacks such as brute-force, account takeover, prevent users from using passwords in a data breach, etc. Moreover, Mithril uses the OWASP ModSecurity Core Rule Set as a base rule set for its WAF module. Thanks to this collection of rules, Mithril protects your website or web application from all attacks listed in the OWASP Top 10, such as:

  • Cross-Site Scripting
  • SQL Injection
  • Local and Remote File Inclusion
  • Remote Command Execution
  • Code Injection
  • and many others


Mithril helps you to secure and protect
your web application or website from:

Don't call me firewall

Mithril is a Web Application and API Protection, which means that it doesn’t just inspect HTTP requests over a list of rules, but it has a lot of modules that extend the WAF functionalities such as Bad Bot Detection, Detect passwords in a data breach, DoS Protection, Brute-Force Attack mitigation. It also has specific modules for CMS (such as WordPress, Drupal, Joomla, etc.)

Centrally Orchestrated

Mithril shares with all customers new Rules, Blacklists, and new Modules in order to prevent attacks and new vulnerabilities.

You’ll know what happens

Thanks to our web console, you’ll be able to see what happens on your web applications, and you can configure all aspects of it, from rules to modules. All our views are in near real-time and easy to understand and use.

A Security Operation Center for your website

With Mithril you’ll get a whole SOC that will help you to configure rules and modules in order to protect better your assets and to maximize your experience with it.

We never leave you alone

Unlike other vendors, we don’t leave you alone with our service. The Mithril support team will help you to better understand how Mithril works and how to use it to better protect your business online.

WebSec Ninja

Our team works constantly to research and test new weaknesses and hardening techniques to improve our service and our product. Moreover, we frequently publish articles and tutorials that keep our customers up to date with industry news.

// Get Safe

Mithril is the best solution
for your needs

Contact us


Let’s find out Mithril’s key features!


Mithril is based on open-source projects such as Nginx, ModSecurity, and the OWASP Core Rule Set. We love to contribute to all these projects and work together with the community to improve the security of web applications cloud and autoscaling.

Read more

Bad Bot and Impersonators

Do you know that 30% of your website traffic is made by bots? Many of those are not good bots, and they usually try to impersonate crawlers of search engines, like Google, Facebook, Twitter, and many others. Thanks to the Mithril Bad Bot modules, you’ll be able to identify bad bots and block them.

Read more

Have I been pwned?

When a user login into your web application, Mithril can anonymously check the user’s password and try to figure out if it is contained in a public data breach. You can receive an alert when this occurs, and even block the specific user to access your web application.

Read more

Always Online

Have you ever needed to upgrade or do maintenance of your website? With Mithril Always Online your website will be always reachable even if it’s down or not available.

Read more

DoS Attacks

Thanks to our DoS mitigation system, your website will no more be affected by volumetric attacks aiming to consume server or network resources to make your website unresponsive to legitimate requests.

Read more

Contact us