Network Protection

TCP Load-balancer and TCP / HTTP reverse proxy

Vulture is design around HAProxy as main TCP / HTTP engine and thus can implement all the haproxy features, managed through a unified graphical user interface.

You can define frontend / backend / TLS Profiles / ACL and put everything on stage via a global workflow :

BSD Packet Filter

No need to bother with pf firewall rules, Vulture denies everything by design and automagically open ports when you declare a new log, tcp or http listener. As soon as you destroy a listener, change it’s IP address or listening port, the netwotk firewall is dynamicaly reconfigured.

The HardenedBSD network stack has been hardened and sized to deal with 10 Gigabytes network for maximal throughout.

By design the network firewall embeds IP blacklists, and you can add whitelist and blacklist of your own, to protect against known malicious IPs.

Network and Web access control

A powerful query builder enables you to create complexe ACL, either at the TCP level or at the HTTP Level. user Authentication via Web form using internal’s Vulture iDP ou external OpenID Provider is also supported:

Application firewall

Vulture relies on mod_defender for Web filtering. Heavy developments are ongoing to add support for a custom web filtering engine based on Darwin and libmodsecurity3. More details coming soon 🙂

WebSSO

Once logged, the user may be automagically logged to the backend application, thanks to the numerous « SSO Forward » options handled by Vulture :

OpenID Identity Provider

Vulture may authenticate users using its Internal Identity Provider service (Separate LDAP repository or Active Directory is needed). It can also authenticate users against any openID Provider (do not hesitate to contact us if your favorite provider is not supported yet) :