Projects in Awesome Lists tagged with web-application-firewall

https://github.com/chaitin/safeline

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 14 May 2025

https://github.com/chaitin/SafeLine

SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

api-gateway application-security appsec blueteam bruteforce captcha cve cybersecurity firewall hackers http-flood security self-hosted sql-injection vulnerability waf web-application-firewall web-security websecurity xss

Last synced: 25 Mar 2025

https://github.com/bunkerity/bunkerweb

🛡️ Open-source and next-generation Web Application Firewall (WAF)

antibot bunkerized-nginx cybersecurity devops devsecops dnsbl docker hardening hosting kubernetes letsencrypt modsecurity nginx reverse-proxy security security-tuning swarm waf web-application-firewall web-security

Last synced: 12 May 2025

https://github.com/enablesecurity/wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

fingerprint waf waffit web-application-firewall

Last synced: 12 May 2025

https://github.com/EnableSecurity/wafw00f

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

fingerprint waf waffit web-application-firewall

Last synced: 24 Mar 2025

https://github.com/ekultek/whatwaf

Detect and bypass web application firewalls and protection systems

bypass detection fingerprinting firewall waf web-application web-application-firewall web-application-firewall-bypassing

Last synced: 18 Oct 2025

https://github.com/Ekultek/WhatWaf

Detect and bypass web application firewalls and protection systems

bypass detection fingerprinting firewall waf web-application web-application-firewall web-application-firewall-bypassing

Last synced: 26 Mar 2025

https://github.com/corazawaf/coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

coraza coraza-waf coreruleset go golang hacktoberfest http modsecurity owasp owasp-crs waf web-application-firewall

Last synced: 14 May 2025

https://github.com/wallarm/gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

api-security bugbounty graphql-security grpc-security owasp rest-security security security-testing security-tools waf web-application-firewall web-application-security

Last synced: 14 May 2025

https://github.com/add-sp/ngx_waf

Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

captcha hcaptcha modsecurity modsecurity-nginx nginx nginx-modules openresty recaptcha waf web-application-firewall

Last synced: 14 May 2025

https://github.com/ADD-SP/ngx_waf

Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

captcha hcaptcha modsecurity modsecurity-nginx nginx nginx-modules openresty recaptcha waf web-application-firewall

Last synced: 27 Mar 2025

https://github.com/janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 13 Apr 2025

https://github.com/Janusec/Application-Gateway

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 05 Apr 2025

https://github.com/Janusec/janusec

JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关，提供安全的接入，包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。

acme application-gateway application-security cookie-banner cookie-compliance gateway golang gslb janusec janusec-application-gateway k8s-ingress-controller load-balance port-forwarding security sql-injection waf web-application-firewall web-application-security web-ssh

Last synced: 30 Mar 2025

https://github.com/openappsec/openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall

Last synced: 29 Dec 2025

https://github.com/safe3/uuwaf

An industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

api-gateway api-security application-security data-mask ddos hips modsecurity nginx owasp rasp security sql-injection uusec uusec-waf uuwaf waap waf web-application-firewall web-security-gateway xss

Last synced: 18 Jun 2025

https://github.com/chaitin/blazehttp

BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.

benchmark bypass http-parser waf waf-test web-application-firewall

Last synced: 16 May 2025

https://github.com/titansec/openwaf

Web security protection system based on openresty

cc http-flood lua nginx nginx-lua openresty openwaf waf web web-application-firewall

Last synced: 02 Apr 2025

https://github.com/titansec/OpenWAF

Web security protection system based on openresty

cc http-flood lua nginx nginx-lua openresty openwaf waf web web-application-firewall

Last synced: 13 Mar 2025

https://github.com/leohearts/awd-watchbird

A powerful PHP WAF for AWD

awd awd-framework ctf php waf web-application-firewall

Last synced: 04 Apr 2025

https://github.com/tempesta-tech/tempesta

All-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks

bots database ddos-protection high-performance http-accelerator http2 linux-kernel load-balancer security tls web-application-firewall web-performance web-security

Last synced: 15 May 2025

https://github.com/wallarm/api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

api api-firewall api-gateway api-security api-waf api-wrapper apigateway firewall openapi openapi-security openapi-spec openapi-specification proxy rest-security security security-tools swagger waf web-application-firewall web-application-security

Last synced: 14 May 2025

https://github.com/casbin/caswaf

HTTP & OAuth Gateway and Web Application Firewall (WAF) based on ModSecurity, online demo: https://door.caswaf.com

firewall gateway http modsecurity modsecurity-core-rule-set oauth proxy waf web-application-firewall

Last synced: 09 Oct 2025

https://github.com/fabriziosalmi/patterns

Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy

apache bad-requests bot-detection caddy caddyserver crs firewall-configuration firewall-rules malicious-url-detection mod-security nginx owasp waf web-application-firewall

Last synced: 05 Jan 2026

https://github.com/fabriziosalmi/caddy-waf

Caddy WAF (OWASP rule-based filtering, IP and DNS filtering, rate limiting, GeoIP)

caddy caddy-plugin caddyserver security-tools waf web-application-firewall web-security

Last synced: 20 Sep 2025

https://github.com/nmmapper/dnsdumpster

A tool to perform DNS reconnaissance on target networks. Among the DNS information got from include subdomains, mx records, web application firewall detection and more fingerprinting and lookups

detection dns-fingerprinting dns-reconnaissance dnsdumpster network nmmapper reconnaissance scanner scanners subdomain subdomain-finder web-application-firewall

Last synced: 07 Apr 2025

https://github.com/wafpassproject/wafpass

Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.

analysing-parameters bypass-methods payload waf web-application-firewall

Last synced: 11 Jul 2025

https://github.com/AvalZ/WAF-A-MoLE

A guided mutation-based fuzzer for ML-based Web Application Firewalls

adversarial-machine-learning machine-learning web web-application-firewall web-security

Last synced: 12 Jul 2025

https://github.com/aapanel/aawaf

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

acl captcha cc-attack ddos ddos-attacks ddos-defense ddos-protection docker firewall http-flood modsecurity nginx security security-tools sqli-injection waf web-application-firewall web-security xss

Last synced: 07 Apr 2025

https://github.com/corazawaf/coraza-spoa

A wrapper for integrating the OWASP Coraza WAF with HAProxy's SPOE filters.

coraza haproxy haproxy-spoa waf web-application-firewall

Last synced: 04 Apr 2025

https://github.com/aapanel/bt-waf

堡塔云WAF，宝塔免费(free)的私有云网站应用防火墙(firewall)，基于docker/nginx/lua开发

acl captcha cc-attack ddos ddos-attacks ddos-defense ddos-protection docker firewall http-flood modsecurity nginx security security-tools sqli-injection waf web-application-firewall web-security xss

Last synced: 31 Mar 2025

https://github.com/teler-sh/teler-proxy

🔐 teler Proxy enabling seamless integration with teler WAF 🛡️ to protect locally running web service against a web-based attacks. 🥷

firewall intrusion-detection intrusion-prevention proxy-server reverse-proxy secure-by-default teler teler-proxy teler-waf tunnel-server waf web-application-firewall web-application-security

Last synced: 28 Oct 2025

https://github.com/timokoessler/easy-waf

An easy-to-use Web Application Firewall (WAF) for Node.js. Can be used with Express, Fastify, NextJS, NuxtJS ... or plain Node.js http.

javascript mit-license nodejs security typescript waf web-application-firewall web-application-security

Last synced: 07 Apr 2025

https://github.com/nemesida-waf/nemesida_waf_ce

Nemesida WAF Community Edition

community-edition free-waf-for-nginx nemesida-waf nemesida-waf-ce ngin-free-waf nginx nwaf-dyn waf web-application-firewall

Last synced: 15 Apr 2025

https://github.com/wallarm/docker-wallarm-node

⚡️ Official docker image for Wallarm Node. API security platform agent.

api-firewall api-security application-firewall envoyproxy nginx openapi-security rest-security security security-audit security-automation security-scanner security-tools waf web-application-firewall

Last synced: 10 Jun 2025

https://github.com/paulveillard/cybersecurity-ethical-hacking

An ongoing collection of awesome ethical hacking tools, software, libraries, learning tutorials, frameworks, academic and practical resources

application cybersecurity cybersecurity-incidents hackathon hackerrank-solutions hacking hacking-toolpentest hackingtools security-audit security-tools vulnerabilities vulnerability-detection web web-application-firewall web-application-security web-application-security-scanner

Last synced: 28 Mar 2025

https://github.com/riverside/php-waf

:guardsman: PHP Web Application Firewall

firewall php php-firewall waf web-application-firewall webapp-firewall

Last synced: 26 Apr 2025

https://github.com/janusec/janusec-admin

The Unified Web Administration Portal for Janusec Application Gateway (an application security solution which provides Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing).

application-gateway gateway-waf waf web-application-firewall web-application-security

Last synced: 29 Apr 2025

https://github.com/jackaduma/ai-waf

AI driven Web Application Firewall

ai classification-algorithm cyber-security cybersecurity deep-learning machine-learning natural-language-processing neural-network nlp nlp-deep-learning nlp-machine-learning text-classification textcnn waf web-application-firewall webapplicationfirewall

Last synced: 27 Apr 2025

https://github.com/f5devcentral/f5-agility-labs-waf

F5 Agility Labs for Web Application Firewall Use Cases

application-security ddos-mitigation documentation f5-agility-labs f5-asm http-proxy security training-labs web-application-firewall web-application-security

Last synced: 22 Jul 2025

https://github.com/tarcisio-marinho/a-deep-learning-approach-to-web-application-firewall

Avoid malicious payloads in your webapp with machine learning!

evasion firewall hacktoberfest hacktoberfest2020 machine-learning payload security security-audit security-tools web-application-firewall

Last synced: 12 Jul 2025

https://github.com/fabriziosalmi/limits

Automated rate limits implementation for web servers

apache caddy caddyserver haproxy nginx rate-limit rate-limiting traefik web-application-firewall webserver

Last synced: 11 Apr 2025

https://github.com/o-x-l/haproxy-ja4

HAProxy (community) Lua Plugin for JA4 TLS Client-Fingerprinting

bot-detection fingerprint fingerprinting haproxy haproxy-plugin ja3 ja3-fingerprint ja4 ja4-fingerprint lua tls-fingerprint waf web-application-firewall web-application-security

Last synced: 14 Jul 2025

https://github.com/sudeshnapal12/Web-Application-Firewall

Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.

apache web-application-firewall

Last synced: 11 Jul 2025

https://github.com/tinyactive/nginx-love

This project software that integrates nginx and modesecurity with management portal. Please secure the portal to prevent risks.

hacktoberfest high-performance loadbalancer nginx waf web-application-firewall

Last synced: 08 Oct 2025

https://github.com/turnerlabs/sigsci_site_manager

Signal Sciences Site Manager

devsecops signal-sciences signal-sciences-api signalsciences sigsci waf web-application-firewall

Last synced: 09 Apr 2025

https://github.com/eliranmaman/elro-security-project

ELRO-Security is an advance & free WAF (Web Application Firewall), It is using to defend servers and especially websites around the internet. It is very easy to install and allow websites owner to add their own website via a web application interface which makes it accessible for almost everyone regardless of the level of codding.

firewalls security waf web web-application-firewall web-application-security web-application-security-scanner web-secure web-security webapplication webapplicationhacking

Last synced: 26 Apr 2025

https://github.com/riotkit-org/wordpress-hardened

Secure and performant Wordpress installation on your Kubernetes cluster

docker docker-compose hardened k8s kubernetes multirun nginx nonroot-user openshift p2cli rootless-containers supervisord waf web-application-firewall wordpress wordpress-automation wordpress-kubernetes wordpress-security wordpress-updater

Last synced: 16 Jun 2025

https://github.com/riotkit-org/waf-proxy

Web Appliaction Firewall reverse-proxy using Coraza WAF + Caddy with ready-to-use rulesets

caddy cloud-native-security coraza-waf dependabot distroless golang k8s k8s-security kubernetes openshift reverse-proxy riotkit rootless-containers security waf web-application-firewall wordpress wordpress-security

Last synced: 02 Aug 2025

https://github.com/timokoessler/easy-waf-data

This repository provides ip data for the Web Application Firewall EasyWAF.

javascript nodejs security typescript waf web-application-firewall

Last synced: 29 Oct 2025

https://github.com/sporkmonger/ifproxy

A reverse proxy for golang that allows requests to be blocked/aborted before being sent upstream.

firewall reverse-proxy web-application-firewall

Last synced: 09 Apr 2025

https://github.com/moimhossain/azure-application-gateway

Provision Azure Application Gateway to protect an existing Azure Web site

azure-application-gateway azure-resource-group-deployment azure-resource-manager azure-resources azure-webapp azure-website azure-websites powershell powershell-script ssl ssl-certificate ssl-certificates waf web-application-firewall web-application-security

Last synced: 11 Aug 2025

https://github.com/lamcodeofpwnosec/it_infrastructure_security

IT Infrastructure Security Project aimed at analyzing and protecting against various attacks on servers, applications, and websites, we would need to combine several technologies and implement multiple layers of security.

it-infrastructure-managment it-infrastructure-optimization penetration-testing penetration-testing-tools vulnerability-detection web-application-firewall web-application-penetration-testing web-application-security web-application-server

Last synced: 13 Aug 2025

https://github.com/moimhossain/outbound-url-rewrite-iis-config

An example repo that shows how to rewrite IIS URL (outbound) to configure legacy asp.net web apps hosted on Azure App Service but safeguarded with a WAF (Front-door/Application Gateway)

arr azure front-door iis redirect-ur uri-rewrite waf web-application-firewall webconfig

Last synced: 20 Feb 2025

https://github.com/functionofpwnosec/pwnwaf

PwnWAF 🛡️ Open-source and next-generation Web Application Firewall (WAF)

antibot cybersecurity devops devsecops letsencrypt modsecurity reverse-proxy security security-vulnerability vulnerability waf web-application-firewall web-security

Last synced: 29 Jul 2025

https://github.com/danielecolon/azure-networking-103

Introduction to Azure Networking Services, including Virtual Networks, Application Gateways, Azure DNS, Web Application Firewall and Azure Front Door Services.

application-gateway azure-front-door cloud-networking virtual-networking web-application-firewall

Last synced: 20 Jul 2025

https://github.com/miozilla/wafkali

wafkali :dragon: : # WAF # Kali # Nikto # OWASP

kali-linux nikto owasp-crs web-application-firewall

Last synced: 29 Aug 2025

https://github.com/O-X-L/ansible-role-haproxy-waf-coraza

Ansible Role to provision the Coraza-WAF (OWASP) integrated with HAProxy

coraza coraza-waf haproxy haproxy-community haproxy-community-waf haproxy-spoa haproxy-spoe owasp waf web-application-firewall web-application-security

Last synced: 09 Nov 2025

https://github.com/fabriziosalmi/wafcontrol

Cloudflare WAF Settings Automation using GitHub Actions

cloudflare cloudflare-api cybersecurity firewall-rules rules security settings waf web-application-firewall workflow zones

Last synced: 30 Mar 2025

https://github.com/kamrullab/cloudflare-security-rules

This repository provides a complete Cloudflare WAF setup guide, including custom rules for bot protection, country blocking, and CAPTCHA verification. Learn how to configure firewall settings step by step to secure your website against threats.

bot-protection captcha cloudflare cloudflare-rules cloudflare-security cloudflare-waf cloudflare-waf-rules custom-rules custom-rulesets cybersecurity ddos-protection firewall ip-blocking security security-rules waf waf-configuration web-application-firewall website-protection

Last synced: 02 Aug 2025

https://github.com/cletqui/imperva-waf_direct-access

Check if your Imperva WAF protected websites are accessible directly!

application-security cybersecurity imperva waf web-application-firewall

Last synced: 20 Jul 2025

https://github.com/php-waf/php-waf

A lightweight and configurable PHP WAF extension written in C to block malicious requests.

extension malicious payload php waf web-application-firewall

Last synced: 13 Apr 2025

https://github.com/spithash/modsecurity-trusted-bot-ips

A Bash script that automatically fetches and parses JSON-based IP range data for trusted search engine bots (Googlebot, Bingbot, and others), ideal for use with ModSecurity and other web application firewalls and web servers.

apache bash bingbot googlebot ip-ranges modsecurity nginx security waf web-application-firewall