Home

With the widespread use of the Internet, Web application has been integrated into all aspects of daily life, for example: online shopping, Internet banking, stock trading application, administrative examination and approval of the government, university portal, operators and value-added services and so on. Web application has become the mainstream of the carrier business system. However, due to the wide application of Web and Web application may exist loophole, this also caused strong concern hackers, so they shifted their attention to the application of Web system in attack, use loopholes to their desired objective: such as tampered webpage content, steal important internal data, in the webpage of implantation malicious code so that site visitors are infringed. Eventually these attacks may lead to the website from loss of reputation, economic losses and even bring some political influence.

Based on this background, the FreeWAF team launched a Web application firewall open-source project, the purpose is to let everybody attention to Web application security, and invites the world people participated in the project to develop it, at the same time, through the project to provide users with a Web application security protection products, in order to solve the above troubled.

FreeWAF uses the GPLv2 license to open source, GPLv2 license is the biggest characteristic of the "Copyleft". Copyleft means the user if the GPLv2 licensed software or GPLv2 license software works based on do release (such as the user's part of the product release), then must not strong in the GPLv2 license restriction clause issue. GPLv2 requirements continue to use GPLv2 to publish. Also, the Copyleft GPLv2 license to constraint then released, if the user (including enterprise users) without further release, but the internal for personal or business use, so you don't have to worry about these constraints. However, for many want to reuse open source code to develop and distribute proprietary software vendors, GPLv2 code is not allowed, not only can use in their products, but also do not use the source code, To prevent their products to be "pollution" into derivative works of GPLv2 and also to come to issue GPLv2 licenses. Therefore, the GPLv2 code is not allowed to use for commercial purposes.

Screenshots

Command line Interface

config cmd

Configuration wizard

config cmd

System status

config cmd

Access monitor

config cmd

Security policy

config cmd

Server policy

config cmd

Features

The FreeWAF team think Web application firewall is the value of protection site safety, broaden the bandwidth, performance evaluation and site visits the site of the weight, specific functions are as follows.

  • Protection function
    It is to perform a series of security checks based on HTTP/HTTPS flow to protect the security of Web application, the Web application in all kinds of security threats, such as SQL injection, cross-site scripting (XSS), cross-site Request Forgery (CSRF), Cookie tampering and other attacks; can effectively solve the webpage, webpage Trojan, tamper disclosure of sensitive information security issues.
  • Deployment capability
    It provides flexible deployment, such as: the reverse proxy, bridge transparent agent, routing transparent proxy, offline mode and so on, in order to meet various user network environment deployment needs.
  • Logs and reports
    It provides the log and report function, such as: access, attack, management, tampering logs and reports. Convenient for users to view and audit.
  • Equipment management function
    It provides CLI command line interface, Web network management two management modes. In the Web network, including not only the equipment configuration, but also the package of equipment monitoring, diagnosis, flow analysis, such as: HTTP throughput, HTTP number of concurrent connections, new HTTP connections, HTTP transaction number index. In this way, convenient user management.
  • Web Accelerator
    Currently it only provides static webpage cache function, accelerate the website access speed.
  • Performance and visit the site assessment
    It gives performance, web server client environment and behavior, and real-time access to information, help webmasters better management website.
  • Future
    The FreeWAF team will gradually improve and increase the function, such as: load balance, safety assessment, virus scan, main-main redundancy (HA) etc.

More information on www.freewaf.org

Downloads

FreeWAF is an open source product licensed under GPLv2. It comes with the complete installation CD, documentation and source code. Currently only supports Linux operating system.

Installation CD

At present the installation CD download has 2 sites, one is the SourceForge site; another is freewaf site. The installation disc below is a link to the SourceForge site. If the user is in urgent need of the future release versioins, please go to the Version Requests) forum of Tickits to write complete demand.

Documentation

The present document download has 2 sites, one is the SourceForge site; another is freewaf site; The document below is a link to the SourceForge site.

Source code

The source code is managed by SVN. The source code is downloaded by us only 1 sites (SourceForge). The following Related Library is a link to the SourceForge site, of course, it also can be downloaded by us on the freewaf site.

Code and Contribution Statistics

Our SVN tree is read by the Ohloh tracker to generate some various statistics. For example the contribution history etc.

Legacy Source Code Repository

The legacy repository can be found here, please note that this code is GPLv2 licensed, it is maintained by the FreeWAF team. If developers extension or amendment of the PE function, you need to generate the code function patch, submitted to the Feature Patches of Tickets, at the same time, also must submit design documents. The FreeWAF team will conduct audits of its, in through the audit, as developers will submit its to the code repository.

FAQ(Frequently Asked Questions)

  • Where to download a FreeWAF?
    From the SourceForge and freewaf web site can download the latest release of FreeWAF.
  • How to install FreeWAF?
    The FreeWAF is installed according to 《the FreeWAF Installation Guide》. The guide can be downloaded from the SourceForge and freewaf web site.
  • How to use the FreeWAF?
    The FreeWAF is used according to 《the FreeWAF Usage Guide》. The guide can be downloaded from the SourceForge and freewaf web site.
  • How to obtain the FreeWAF team support?
    According to 《the FreeWAF Installation Guide》 and 《the FreeWAF Usage Guide》 is still unable to solve the problem, you can post solution in the Support Requests forum of Tickets.
  • If the user has FreeWAF version different requirements based on Linux platform, how to give feedback to the FreeWAF team?
    If the user has FreeWAF version different requirements based on Linux platform, Please to post it on the Version Requests forum of Tickets.
  • If the user has a new feature requirement, how to give feedback to the FreeWAF team?
    If the user has a new feature requirement, Please to post it in the Feature Requests forum of Tickets.
  • If developers to develop new function, how to submit code?
    If developers to develop new function, the function can be submitted to the Feature Patches forum of Tickets. The FreeWAF team will review it, in through the audit, as developers will submit its to the code repository.
  • If the user wants to communicate with FreeWAF team problems, how to do?
    If the user wants to communicate with FreeWAF team problems, Please go to the Discussion Forums.
  • If you encounter Bug, how to give feedback to the FreeWAF team?
    If you have Bug, please to submitted it to the Bug System of FreeWAF.
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.