OpenWAF

The first all-round open source Web security protection system, more protection than others. OpenWAF is the first fully open source Web application protection system (WAF), based on nginx_lua API analysis of HTTP request information. OpenWAF is composed of two functional engines: behavior analysis engine and rule engine. The rule engine mainly analyzes the individual requests, and the behavior analysis engine is mainly responsible for the tracking of the request information. Rule engine inspired by modsecurity and freewaf(lua-resty-waf), the ModSecurity rules will be implemented using lua. The rule engine can be based on the protocol specification, automatic tools, injection attacks, cross site attacks, information leaks and other security exception request, adding support for dynamic rules, timely repair vulnerabilities.

Features

Behavior analysis engine including fuzzy identification based on frequency
Detailed configuration documents and examples
Modules Configuration Directives
The first all-round open source Web security protection system
Dockerfile and Docker Images have been upgraded to version 1.1 on Mar 8, 2021

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow OpenWAF

OpenWAF Web Site

Other Useful Business Software

AI-powered service management for IT and enterprise teams

Enterprise-grade ITSM, for every business

Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.

Try it Free

Rate This Project

User Reviews

Be the first to post a review of OpenWAF!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Related Categories

C Web Application Firewalls (WAF)

Registered

2023-08-02

Similar Business Software

Fortinet FortiWeb Web Application Firewall

Unprotected web applications and APIs are the easiest point of entry for hackers and vulnerable to a number of attack types. FortiWeb's AI-enhanced and multi-layered approach protects your web apps from the OWASP Top 10 and more. FortiWeb ML customizes the protection of each application,...

See Software
Cloudflare

Cloudflare is the foundation for your infrastructure, applications, and teams. Cloudflare secures and ensures the reliability of your external-facing resources such as websites, APIs, and applications. It protects your internal resources such as behind-the-firewall applications, teams, and...

See Software
A10 Defend Threat Control

A10 Defend Threat Control, a SaaS component of the A10 Defend suite, offers a real-time DDoS attack map and proactive, detailed list of DDoS weapons. Unlike other tools available today that provide convenience at the cost of false positives and false negatives, A10 Defend Threat Control...

See Software
SafeLine WAF

SafeLine WAF is a self-hosted, semantic-based Web Application Firewall developed by the team at Chaitin Technology. It focuses on protecting web applications from a wide range of threats, especially zero-day and application-layer (Layer 7) attacks, with high precision and minimal false...

See Software
SKUDONET

SKUDONET Enterprise Edition is an Application Delivery and Security Platform built on Linux Debian 12.5 LTS for critical enterprise environments. Formerly known as Zevenet, it provides advanced L4/L7 load balancing, integrated WAF, TLS management with Let’s Encrypt and wildcard support, and...

See Software
Atomic ModSecurity Rules

Atomic ModSecurity Rules is a comprehensive WAF rule set with hundreds of ModSecurity WAF rules to protect applications against web attacks and is fully backed by expert support. WAF Rules to Strengthen ModSecurity Against: - SQL injection - Cross-site scripting - Cross-site request...

See Software