Download
lua-resty-waf is a web application firewall implemented in Lua for OpenResty/NGINX, designed to run inline at the edge with low overhead. It inspects requests and responses during NGINX phases, applying rule logic and anomaly scoring to detect patterns like SQL injection, cross-site scripting, and protocol abuse. Rules are organized into policies with configurable actions—block, log, or allow—and can leverage shared dictionaries for counters, rate limits, and caching decisions. Because it runs inside the NGINX event loop, it scales with the web tier and avoids the latency of external proxies. Operators can extend it with custom Lua code, integrate threat feeds, or adapt it to application-specific quirks without recompiling modules. The result is a flexible, scriptable WAF that pairs the performance of NGINX with the expressiveness of Lua for nuanced HTTP defense.
Features
- Built on OpenResty allowing Nginx-level request inspection via Lua API
- Uses ModSecurity-compatible rule syntax for widespread CRS rule sharing
- Includes custom rules and a virtual patching mechanism for zero-day threats
- Blocks brute-force attacks, malicious bots, and automated scraping attempts
- Can integrate real-time DNS blacklists to deny known malicious hosts
- Supports remote logging via TCP, UDP, or syslog for audit and analytics
Project Samples
