Open Source Tools

Open Source WAF

A web application firewall lives in the worst possible spot: too loose and the injection attempts walk through, too strict and you are blocking real customers, and you only learn which mistake you made from production traffic. The open source tools here let you read and tune the rule engine yourself, so the choices about what counts as an attack stay yours instead of being hidden inside a vendor's black box.

5 waf100% OSI-approved licensesUpdated June 2026

Showing 1-5 of 5

SafeLine

Self-hosted WAF and reverse proxy for blocking web attacks, bots, and abusive HTTP traffic

GPL-3.0GoSelf-host

BunkerWeb

Open-source web application firewall with reverse proxy support, web UI, and plugin-based security tuning

AGPL-3.0PythonSelf-host

ModSecurity

Open source web application firewall engine for Apache, IIS, and Nginx

Apache-2.0C++Self-host

OWASP Coraza

Go-based Web Application Firewall library with ModSecurity SecLang and OWASP CRS v4 compatibility

Apache-2.0GoSelf-host

NAXSI

Open-source NGINX WAF with simple rules and auto-learning whitelist support

GPL-3.0CSelf-host

Related categories

VPN14 Vulnerability Scanner12 Firewall7 Security121 Threat Intelligence8