AWS WAF
Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules
Open-Source Projects
Discover top open-source software, updated regularly with real-world adoption signals.
Discover top open-source software, updated regularly with real-world adoption signals.
Secure your web services by default with a flexible WAF
Deploy BunkerWeb to instantly secure web services with default HTTPS, hardened headers, bot challenges, and a user‑friendly web UI, while supporting Docker, Swarm, Kubernetes, and Linux environments.
BunkerWeb is an NGINX‑based reverse proxy that adds a full‑featured Web Application Firewall out of the box. It delivers secure‑by‑default settings such as automatic Let's Encrypt certificates, TLS hardening, security headers, and bot mitigation, allowing teams to protect public‑facing sites and internal APIs without writing custom rules.
The solution integrates seamlessly with existing infrastructures—Linux servers, Docker containers, Docker Swarm clusters, and Kubernetes environments. Configuration is driven by simple settings variables and can be managed through an intuitive web UI or the CLI. A plugin system lets users extend core functionality, add third‑party threat feeds, or implement custom detection logic. While the core is released under AGPLv3, a PRO tier offers advanced modules, monitoring dashboards, and priority support for enterprise needs.
When teams consider BunkerWeb, these hosted platforms usually appear on the same shortlist.
Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules
Cloud-native WAF service that protects web apps from common attacks (SQL injection, XSS) by filtering malicious HTTP/S traffic
Unified threat management and endpoint security
Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.
Protect public‑facing website
Automatic HTTPS, security headers, and bot challenges block attacks without manual rule creation.
Secure microservices in Kubernetes
Ingress controller adds WAF, rate limiting, and IP blacklists to each service.
Add compliance hardening to legacy apps
TLS hardening and header enforcement bring old applications up to modern security standards.
Extend with custom security plugins
Tailor detection logic or integrate third‑party threat feeds via the plugin system.
It runs on top of NGINX, acting as a reverse proxy with added WAF features.
Built‑in Let’s Encrypt automation obtains and renews certificates automatically.
Yes, Docker, Swarm, Kubernetes, and plain Linux installations are officially supported.
The open source version includes core security features; PRO adds advanced modules, monitoring dashboards, and priority support.
An optional web UI lets you manage settings, plugins, and view logs without using the CLI.
Project at a glance
ActiveLast synced 4 days ago