Why the WAF, the admin UI, and the REST API all live in the same C++ binary on different ports — and how this collapses the operational surface area of a typical microservice-shaped WAF deployment by an order of magnitude.
What the article will cover
The three-port pattern
Port 9432 (WAF inspect + FastCGI to PHP-FPM), Port 8862 (admin UI), Port 8832 (REST API). Why three roles in one binary instead of three binaries.
nginx → BackDraft → PHP-FPM
The full request flow. Why proxy_pass + fastcgi_pass on the same back end doesn't loop, and the exact nginx config.
WAF rules at line rate
How a hardware-aware thread pool inspects every request against nine threat-scoring rules without becoming a latency bottleneck.
CAPTCHA and OTP at the WAF
Issuing BotProof challenges and Secure Lock email-OTPs directly from the WAF process. Why the bot mitigation is one curl away.
ClamAV inline scanning
File uploads run through ClamAV in-process. The performance numbers and the failure modes.
HMAC-chained audit
Every rule hit, every IP block, every config change. SOC 2-friendly without a separate audit service.