OpenWAF

The first all-round open source Web security protection system, more protection than others. OpenWAF is the first fully open source Web application protection system (WAF), based on nginx_lua API analysis of HTTP request information. OpenWAF is composed of two functional engines: behavior analysis engine and rule engine. The rule engine mainly analyzes the individual requests, and the behavior analysis engine is mainly responsible for the tracking of the request information. Rule engine inspired by modsecurity and freewaf(lua-resty-waf), the ModSecurity rules will be implemented using lua. The rule engine can be based on the protocol specification, automatic tools, injection attacks, cross site attacks, information leaks and other security exception request, adding support for dynamic rules, timely repair vulnerabilities.

Features

Behavior analysis engine including fuzzy identification based on frequency
Detailed configuration documents and examples
Modules Configuration Directives
The first all-round open source Web security protection system
Dockerfile and Docker Images have been upgraded to version 1.1 on Mar 8, 2021

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow OpenWAF

OpenWAF Web Site

Other Useful Business Software

MongoDB Atlas runs apps anywhere

Deploy in 115+ regions with the modern database for every enterprise.

MongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.

Start Free

Rate This Project

User Reviews

Be the first to post a review of OpenWAF!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Related Categories

C Web Application Firewalls (WAF)

Registered

2023-08-02

Similar Business Software

Fortinet FortiWeb Web Application Firewall

Unprotected web applications and APIs are the easiest point of entry for hackers and vulnerable to a number of attack types. FortiWeb's AI-enhanced and multi-layered approach protects your web apps from the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application,...

See Software
Cloudflare

Cloudflare is the foundation for your infrastructure, applications, and teams. Cloudflare secures and ensures the reliability of your external-facing resources such as websites, APIs, and applications. It protects your internal resources such as behind-the-firewall applications, teams, and...

See Software
SafeLine WAF

SafeLine WAF is a self-hosted, semantic-based Web Application Firewall developed by the team at Chaitin Technology. It focuses on protecting web applications from a wide range of threats, especially zero-day and application-layer (Layer 7) attacks, with high precision and minimal false...

See Software
SKUDONET

SKUDONET Enterprise Edition is an Application Delivery and Security Platform built on Linux Debian 12.5 LTS for critical enterprise environments. Formerly known as Zevenet, it provides advanced L4/L7 load balancing, integrated WAF, TLS management with Let’s Encrypt and wildcard support, and...

See Software
Atomic ModSecurity Rules

Atomic ModSecurity Rules is a comprehensive WAF rule set with hundreds of ModSecurity WAF rules to protect applications against web attacks and is fully backed by expert support. WAF Rules to Strengthen ModSecurity Against: - SQL injection - Cross-site scripting - Cross-site request...

See Software
Azure Web Application Firewall

Azure Web Application Firewall is a cloud-native service that protects web apps from common web-hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting. Deploy the service in minutes to get complete visibility into your environment and block malicious...

See Software