Bitwall inspects every request before it reaches your app, blocking injection, scanners, brute-force and bots, and reports it all to one live dashboard. One engine, every site.
Every Scientra site, static or dynamic, is protected by the same engine and reports to the same dashboard, so the rules are identical everywhere.
The web server asks Bitwall about every request before serving it. The agent inspects the URL, query, headers, user-agent and client IP, applies rate-limits and bans, then answers allow or deny. Static sites get covered automatically.
Django and FastAPI apps add one middleware line. Because it runs inside the app it also inspects request bodies, the POST JSON and form data an edge check can never see, so login and checkout flows are fully covered.
Bitwall normalizes the URL, query, headers, cookies and body, decodes common evasion tricks, then matches against signatures and stateful rules. A short list of what it catches:
Curated rules for 20+ attack classes, with anti-evasion normalization (HTML-entity, unicode, comment-stripping) so encoded payloads match too.
Rate limiting, HTTP-flood and DDoS tiers, endpoint-spray detection, and automatic IP bans after repeated high-severity strikes.
Live geo, ASN, VPN/hosting and abuse-reputation enrichment on every attacker IP, folded into a 0–100 risk score.
Passive device fingerprint from request headers, no cookies or JavaScript, ties a VPN IP back to its real one and bans the device, not just the address.
Flags automation tools, no-UA clients and spoofed browsers, and marks traffic arriving through VPNs and data-center ranges.
Every event keeps the redacted request, matched rule and evidence, so you can replay exactly what an attacker tried, with secrets masked.
This runs Bitwall's real detection logic right here in your browser, nothing is sent anywhere. Fire a sample attack, or write your own raw request, and watch the verdict.
?id=1' OR 1=1-- or a <script> tag.Every blocked request, every attacker, every site, in one login-protected dashboard, reachable only through a secure tunnel, never the public internet.
Opens a full dossier: risk gauge, geo, ASN, abuse reputation, the devices behind it and every request it made.
One click bans the IP, its fingerprint and every linked address, so a new VPN IP won't help the attacker.
Flip between monitor and block for the whole fleet, agents pick it up within seconds.
See exactly what was sent, method, path, body, matched rule and evidence, with passwords and tokens masked.
A one-time setup fee, then a flat monthly rate, managed by Scientra. No per-request billing, no surprises. Prices in Azerbaijani manat.
For brochure & static sites that just need the front door locked.
For dynamic apps, logins and e-commerce that handle real user data.
For multiple sites, higher traffic and custom rules under one roof.
Already have a site built by Scientra? Setup is waived on any annual plan. Higher traffic or a custom setup? Talk to us →
Bitwall is built by security engineers, not resold. Here's the honest technical shape of it.
Runs on your own server in Docker, never a third-party cloud. Events live in a local store you control. Nothing about your visitors leaves your infrastructure.
One installable engine with adapters for FastAPI (BitwallMiddleware) and Django (BitwallDjangoMiddleware), plus a standalone edge agent for the nginx auth_request path.
Fingerprinting uses only request headers, no cookies, no JavaScript, no canvas tricks. That means no consent banner burden and no privacy trade-off for GDPR-minded businesses.
Payloads are HTML-entity, unicode and comment-decoded before matching, and form bodies are properly plus-decoded, so tricks that slip past naive filters still get caught.
Agents and middleware poll a central config every few seconds, so a ban or a mode switch made in the dashboard propagates to every protected site fleet-wide.
Bitwall installs alongside your stack without rewriting it, one added service and a few nginx lines. If Bitwall ever stops, your site keeps serving.
No noticeable impact. The edge check is a lightweight local lookup and the middleware runs in-process. Static sites are served exactly as fast as before.
Every plan starts in monitor mode so we can tune it against your real traffic before switching to blocking. False positives are visible in the dashboard and one click un-bans anyone. The rules are tested against realistic content to avoid flagging things like "Levi's" or "90's".
For static and most sites, no, protection is at the edge. Dynamic apps add a single middleware line for deep body inspection. We handle the whole setup for you.
No. Bitwall is self-hosted, so your visitor data never touches a third party, and it's managed hands-on by the same team that built your site, with local support in Azerbaijani, Russian and English. You own it.
Yes, Pro and Business plans get dashboard access. It's login-protected and reachable only through a secure tunnel, never exposed to the public internet.
Installation on your server, integration with your site, a monitor-mode tuning period against your live traffic, and switching to full blocking once it's dialled in. It's waived on annual plans for existing Scientra clients.
Tell us which site to protect and we'll have Bitwall watching it, in monitor mode first, within days.