IPAuth is one of many tools we've built to defend the stacks we run. We don't have Fortune-500 budgets, so we don't ship Fortune-500 solutions. We ship the smallest, sharpest thing that closes the gap.
We've spent twenty years building products in the application network security space. DNS filtering, web application firewall, log management, threat intelligence. The pattern that shows up over and over: the initial vector is almost always an exploited access path. A leaked SSH key. A stolen admin token. A staging URL someone forgot to gate. An over-broad allowlist nobody pruned.
So we put a lot of energy into shrinking that attack surface. IPAuth is one piece of that. A small, focused tool that makes "lock this service to one IP" feel like a single bookmark click instead of a 30-minute manual edit every time you switch networks. It's a critical layer in our own defense-in-depth strategy, and we built it because the existing options felt either too heavy or too tied to a single vendor.
Cloudflare Access, Cisco Umbrella SIG, Zscaler, Okta Workforce, Tailscale Enterprise, 1Password Business. These are excellent products built by excellent teams, and they serve the customers they were designed for very well. But as technical founders running lean startups, we can't always swallow the per-seat math, the multi-year contracts, the vendor-lock surface area, or the integration overhead that comes with adopting a full identity-and-access platform when what we needed was "keep my SSH port closed except to me, today, from a coffee shop."
So we build creative solutions. IPAuth is two URLs and a bookmark. It's free. It works with the firewall, CDN, or WAF you already pay for. It doesn't require an account or an agent. You can self-host the whole thing if you want. The code is straightforward PHP. And it composes with everything else in our stack.
Defense-in-depth doesn't have to mean defense-in-budget. Sometimes the right answer is a script and a cron entry.
We co-founded Sucuri (a website security platform) and sold it to GoDaddy in 2017. Tony stayed on for three years as GM running GoDaddy's portfolio of security solutions, including the PKI business, before stepping back into the startup world. Everything we ship now is informed by that arc: what works at scale, what gets in the way, what enterprise customers actually need versus what they're sold.
CO-FOUNDER · PRODUCT & OPERATIONS
Operator and product builder. Co-founded Sucuri, sold to GoDaddy in 2017, then ran GoDaddy's security portfolio (including the PKI business) as GM for three years. Now founder of NOC.org, CleanBrowsing, and DNSArchive. Spends his days running infrastructure for paying customers and reverse-engineering what's failing in the field.
Writes about it at perezbox.com.
CO-FOUNDER · ENGINEERING
Security engineer and prolific open-source author. Original author of OSSEC (the open-source HIDS), founder of Sucuri, CTO at GoDaddy Security post-acquisition. Builds the engines under the hood of our products: the parsers, the detection rules, the API surfaces.
Writes about it at dcid.me.
Over the years we've shipped a number of solutions: DNS filtering, web application firewall, log management, threat intelligence, network testing. All built with the same constraints: small teams, real production traffic, no enterprise budget. If you're running infra at a startup scale, you might find the others useful too.
DNS CONTENT FILTERING
Parental controls + enterprise/MSP web filtering at the DNS layer. 60-70 PoPs, anycast, app-based lockdown.
CDN · WAF · DNS · MONITORING
Website security platform. Flat $5/FQDN/month, no per-request gotchas. Origin protection + custom WAF rules for technical operators.
LIGHTWEIGHT SIEM
Simple, affordable log management + event correlation. Built for teams that want SIEM without the Splunk invoice.
THREAT INTELLIGENCE
DNS-based threat data and domain intelligence. Feed for detection pipelines, blocklists, and incident response.
NETWORK DIAGNOSTICS
Diagnostic tooling for DNS resolution, routing, and reachability. Useful when something's flaky and you need ground truth fast.
All of these live under the NetSecOps umbrella. IPAuth is free and stays free.
Two URLs. One bookmark. Your firewall stays current as you move.