Best Open-source WAF & API Security tools

Explore curated open-source tools in the WAF & API Security category. Compare technologies, see alternatives, and find the right solution for your workflow.

7 projects · Page 1 of 1

Coraza

High-performance Go-based WAF compatible with OWASP CRS v4

WAF & API Security

Stars: 3,387
License: Apache-2.0
Last commit: 17 days ago

GoActive

BunkerWeb

Secure your web services by default with a flexible WAF

WAF & API Security

Stars: 10,246
License: AGPL-3.0
Last commit: 20 days ago

PythonActive

ModSecurity

High-performance, language-agnostic security engine for web traffic

WAF & API Security

Stars: 9,579
License: Apache-2.0
Last commit: 20 days ago

C++Active

Anubis

Lightweight web firewall that blocks AI scrapers with challenge tests

WAF & API Security

Stars: 18,226
License: MIT
Last commit: 23 days ago

GoActive

UUSEC WAF

Industrial‑grade AI‑powered WAF with zero‑day defense and scalable protection

WAF & API Security

Stars: 1,622
License: BSD-2-Clause
Last commit: 23 days ago

ShellActive

Caddy WAF

Advanced, customizable WAF middleware for Caddy web server

WAF & API Security

Stars: 748
License: AGPL-3.0
Last commit: 1 month ago

GoActive

SafeLine

Self‑hosted WAF that shields web apps from attacks

WAF & API Security

Stars: 20,981
License: GPL-3.0
Last commit: 5 months ago

GoStable