Open-source web application firewall with reverse proxy support, web UI, and plugin-based security tuning
- Stars10.6k
- Forks620
- Open Issues160
AGPL-3.0
- Python
- Shell
- HTML
About BunkerWeb
BunkerWeb is an open-source web application firewall that sits in front of web services to secure them by default. It is a full-featured web server based on NGINX and can run as a reverse proxy in existing Linux, Docker, Swarm, and Kubernetes environments.
Security features include HTTPS with Let's Encrypt automation, HTTP security headers, TLS hardening, automatic bans based on HTTP status codes, connection and request limits, bot challenges, DNSBL blocking, external IP blacklists, and an integrated ModSecurity WAF with the OWASP Core Rule Set. A plugin system extends these core features.
An optional web UI manages instances and their configurations, and a CLI is also available. BunkerWeb is licensed under AGPLv3. BunkerWeb Cloud is a fully managed SaaS offering for teams that prefer not to self-host.
Key features
- NGINX-based reverse proxy web server
- ModSecurity WAF with OWASP Core Rule Set
- HTTPS support with Let's Encrypt automation
- Bot challenges, DNSBL, and IP blacklists
- Optional web UI for instance and config management
Details
- First released
- 2019
- Platforms
- Linux · Docker · Swarm · Kubernetes
- Deployment
- self-hostable · cloud · docker
- Security
- HTTPS, TLS hardening, ModSecurity
- License
- AGPLv3
- Web UI
- Optional