What Our Community Built with CrowdSec WAF: Real Stories, Real Security


For several months, thousands of users worldwide, including individuals, businesses, and partners, have been using CrowdSec WAF. In addition to protecting their own or their customers’ applications, they benefit from the proactive security enabled by the collective intelligence of the CrowdSec Network.

Here are some examples and use cases that members of our incredible community shared with us: 

Kubernetes-ready WAF for DevOps and multi-cluster environments

DevOps teams managing containerized workloads often face a significant security challenge: how to enforce consistent protection across multiple clusters without breaking automation.

In one real-world deployment, CrowdSec is installed on several Kubernetes multi-node clusters. Traefik is the ingress controller, integrated with CrowdSec via the Traefik Remediation Component. The entire setup is automated using GitOps principles through FluxCD, ensuring that detection scenarios, remediation logic, and updates are rolled out consistently and repeatably across clusters.

This architecture allows security to scale with infrastructure changes. Each new deployment inherits CrowdSec’s detection capabilities instantly, while alerts and decisions are centrally managed via the local API (LAPI). CrowdSec becomes a seamless part of the DevOps pipeline.

Hybrid WAF across Cloud and On-Prem for business applications

For small to medium-sized enterprises (SMEs) running internal tools and public-facing services, security needs to be consistent, but deployment environments rarely are.

One example involves a company running CrowdSec WAF on both cloud VMs and on-prem Linux servers. Both machines run NGINX, secured by the CrowdSec AppSec Component as a WAF. The default OWASP CRS rules are in place, but the team maintains a shared set of custom rules, ensuring both environments respond identically to threats.

CrowdSec WAF can protect any popular application (content collaboration, documentation platform, business apps, CMS) in any environment. It allows users to manage security rule sets for each application while maintaining a high level of security across the entire application stack. Furthermore, its out-of-band nature prevents any performance degradation or service interruption.

Layered defense with Reverse Proxy and decentralized coordination

Advanced users often seek to combine multiple security layers into a cohesive defense. CrowdSec enables this with its modular architecture.

In one interesting setup, users deploy both a Firewall Remediation Component and the Traefik Remediation Component across VPS and local networks. Each machine sends alerts to the central LAPI, which coordinates bans across all endpoints. IPs are shared automatically based on behavior, not static rules.

Integration with Fortigate firewalls extends this protection to the network perimeter, while ban notifications are pushed to Discord and email for rapid incident awareness. This hybrid model shows how CrowdSec can unify detection and enforcement across different layers of the infrastructure.

WAF-as-a-Service for Hosting Providers and Web Agencies

For small hosting providers and digital agencies managing multiple customer sites, scalable and cost-effective security is a must.

CrowdSec WAF is deployed here alongside NGINX, often paired with NGINX Proxy Manager in Dockerized environments. The AppSec Component provides virtual patching for common CMS platforms and, through custom rules, for customer-specific apps. It inspects traffic and issues real-time remediations, while Cloudflare integrations extend defense to the edge.

This setup allows hosting teams to offer WAF protection as a value-added service with minimal overhead and zero false positives. Customers get safer websites, and providers gain operational efficiency.

One WAF. Any stack.

These examples illustrate what sets CrowdSec apart: a WAF that works without friction across Kubernetes clusters, VPSs, on-prem servers, and cloud environments. Whether you are managing microservices, business apps, or customer websites, CrowdSec adapts to your architecture, scales with your needs, and protects your assets with precision.

CrowdSec WAF is not just another set of rules. It’s a living, collaborative defense system built for the real world.
