lua-resty-waf

lua-resty-waf is a web application firewall implemented in Lua for OpenResty/NGINX, designed to run inline at the edge with low overhead. It inspects requests and responses during NGINX phases, applying rule logic and anomaly scoring to detect patterns like SQL injection, cross-site scripting, and protocol abuse. Rules are organized into policies with configurable actions—block, log, or allow—and can leverage shared dictionaries for counters, rate limits, and caching decisions. Because it runs inside the NGINX event loop, it scales with the web tier and avoids the latency of external proxies. Operators can extend it with custom Lua code, integrate threat feeds, or adapt it to application-specific quirks without recompiling modules. The result is a flexible, scriptable WAF that pairs the performance of NGINX with the expressiveness of Lua for nuanced HTTP defense.

Features

Built on OpenResty allowing Nginx-level request inspection via Lua API
Uses ModSecurity-compatible rule syntax for widespread CRS rule sharing
Includes custom rules and a virtual patching mechanism for zero-day threats
Blocks brute-force attacks, malicious bots, and automated scraping attempts
Can integrate real-time DNS blacklists to deny known malicious hosts
Supports remote logging via TCP, UDP, or syslog for audit and analytics

Project Samples

Project Activity

See All Activity >

License

GNU General Public License version 3.0 (GPLv3)

Follow lua-resty-waf

lua-resty-waf Web Site

Other Useful Business Software

$300 Free Credits for Your Google Cloud Projects

Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.

Launch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.

Start Free Trial

Rate This Project

User Reviews

Be the first to post a review of lua-resty-waf!

Additional Project Details

Operating Systems

Linux

Programming Language

Perl

Related Categories

Perl Firewall Software

Registered

2025-09-10

Similar Business Software

ThreatLocker

ThreatLocker is a Zero Trust Platform that prevents cyber threats by blocking unknown applications, enforcing least privilege, and controlling what can run across your environment. Using Allowlisting, Ringfencing, Network Control, and more, ThreatLocker stops ransomware, zero-day attacks, and...

See Software
Cloudflare

Cloudflare is the foundation for your infrastructure, applications, and teams. Cloudflare secures and ensures the reliability of your external-facing resources such as websites, APIs, and applications. It protects your internal resources such as behind-the-firewall applications, teams, and...

See Software
Servers.com

Servers.com by Nexcess provides hybrid bare metal cloud infrastructure designed to help businesses scale, customize, and manage their server environments from a unified platform. The company offers a range of solutions including Scalable Bare Metal, Enterprise Bare Metal, AI Compute, and Managed...

See Software
Imunify360

Imunify360 is a security solution for web-hosting servers. Imunify360 goes beyond antivirus and WAF and is a combination of an Intrusion Prevention and Detection system, a Application Specific Web Application Firewall, Real-time Antivirus protection, a Network Firewall, and Patch Management...

See Software
GlassWire

Instantly see who or what your PC is talking to on GlassWire's network monitoring graph, plus see what your PC may have connected to in the past. Detect spyware, malware, badly behaving apps, and bandwidth hogs, then block their connections. Monitor other PCs on your network and get alerted...

See Software
AWS WAF

AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create...

See Software

Report inappropriate content

lua-resty-waf

High-performance WAF built on the OpenResty stack

Get an email when there's a new version of lua-resty-waf

Features

Project Samples

Project Activity

Categories

License

Follow lua-resty-waf

User Reviews

Additional Project Details

Operating Systems

Programming Language

Related Categories

Registered