BunkerWeb

Secure your web services by default with a flexible WAF

Deploy BunkerWeb to instantly secure web services with default HTTPS, hardened headers, bot challenges, and a user‑friendly web UI, while supporting Docker, Swarm, Kubernetes, and Linux environments.

Overview

BunkerWeb is an NGINX‑based reverse proxy that adds a full‑featured Web Application Firewall out of the box. It delivers secure‑by‑default settings such as automatic Let's Encrypt certificates, TLS hardening, security headers, and bot mitigation, allowing teams to protect public‑facing sites and internal APIs without writing custom rules.

Deployment & Extensibility

The solution integrates seamlessly with existing infrastructures—Linux servers, Docker containers, Docker Swarm clusters, and Kubernetes environments. Configuration is driven by simple settings variables and can be managed through an intuitive web UI or the CLI. A plugin system lets users extend core functionality, add third‑party threat feeds, or implement custom detection logic. While the core is released under AGPLv3, a PRO tier offers advanced modules, monitoring dashboards, and priority support for enterprise needs.

Highlights

  • NGINX‑based reverse proxy with built‑in WAF
  • Web UI for graphical configuration
  • Plugin system for custom security extensions
  • Automatic HTTPS via Let’s Encrypt and OWASP CRS integration

Pros

  • Out‑of‑the‑box security headers and TLS hardening
  • Supports Linux, Docker, Swarm, and Kubernetes
  • Highly customizable through settings and plugins
  • Free AGPLv3 license with optional professional services

Considerations

  • Advanced PRO features require a paid license
  • Custom plugin development has a learning curve
  • Web UI adds optional overhead
  • Community support may be less immediate than commercial alternatives

Managed products teams compare with

When teams consider BunkerWeb, these hosted platforms usually appear on the same shortlist.

AWS WAF

Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules

Azure Web Application Firewall

Cloud-native WAF service that protects web apps from common attacks (SQL injection, XSS) by filtering malicious HTTP/S traffic

Sophos

Unified threat management and endpoint security

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Teams needing quick, default security for web applications
  • Enterprises deploying containerized workloads
  • Developers who prefer a graphical interface over CLI
  • Organizations wanting an extensible open‑source WAF

Not ideal when

  • Environments requiring only a lightweight proxy without WAF capabilities
  • Projects that cannot run NGINX underneath
  • Users needing 24/7 commercial support without extra cost
  • Scenarios where proprietary compliance certifications are mandatory

How teams use it

Protect public‑facing website

Automatic HTTPS, security headers, and bot challenges block attacks without manual rule creation.

Secure microservices in Kubernetes

Ingress controller adds WAF, rate limiting, and IP blacklists to each service.

Add compliance hardening to legacy apps

TLS hardening and header enforcement bring old applications up to modern security standards.

Extend with custom security plugins

Tailor detection logic or integrate third‑party threat feeds via the plugin system.

Tech snapshot

  • Python: 41%
  • JavaScript: 15%
  • HTML: 13%
  • CSS: 13%
  • Shell: 10%
  • Lua: 6%

Tags

antibot, web-application-firewall, security-tuning, waf, kubernetes, cybersecurity, dnsbl, hosting, bunkerized-nginx, letsencrypt, modsecurity, nginx, web-security, devops, reverse-proxy, security, docker, swarm, hardening, devsecops

Frequently asked questions

Does BunkerWeb replace NGINX?

It runs on top of NGINX, acting as a reverse proxy with added WAF features.

How is HTTPS handled?

Built‑in Let’s Encrypt automation obtains and renews certificates automatically.

Can I use it in Docker Swarm?

Yes, Docker, Swarm, Kubernetes, and plain Linux installations are officially supported.

What is the difference between open‑source and PRO?

The open‑source version includes core security features; PRO adds advanced modules, monitoring dashboards, and priority support.

Is there a graphical interface?

An optional web UI lets you manage settings, plugins, and view logs without using the CLI.

Project at a glance

  • Status: Active
  • Stars: 9,821
  • Watchers: 9,821
  • Forks: 562
  • License: AGPL-3.0
  • Repo age: 6 years old
  • Last commit: 7 hours ago
  • Primary language: Python

Last synced 3 hours ago