🛡️ Open-source and next-generation Web Application Firewall (WAF)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library

ModSecurity v3 Nginx Connector

Handy, High performance, ModSecurity compatible Nginx firewall module & 方便、高性能、兼容 ModSecurity 的 Nginx 防火墙模块

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

High-performance WAF built on the OpenResty stack

Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

aawaf 是一款基于语义分析的Web应用防火墙

Casbin AI & MCP security gateway for HTTP, online demo: https://door.caswaf.com

Official ModSecurity Docker + Core Rule Set (CRS) images

An NGINX and ModSecurity based Web Application Firewall for Docker

proxy-wasm filter based on Coraza WAF

Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container

Script to install your own Ghost blog, with Nginx and ModSecurity/Naxsi web application firewall. Supports multiple blogs.

Framework for Testing WAFs (FTW!)

The official ModSecurity Docker images

Development repository for nginx-more package

Logstash configuration filter set framework to parse modsecurity audit logs