
AWS WAF
Web Application Firewall that protects web applications and APIs from common exploits and attacks by defining security rules

Advanced, customizable WAF middleware for Caddy web server
A feature‑rich middleware that adds regex filtering, blacklisting, geo‑blocking, rate limiting, anomaly scoring and observability to Caddy, with dynamic reloads and easy configuration.
The Caddy WAF middleware extends the Caddy web server with a comprehensive, rule‑driven firewall. It inspects URLs, headers, query strings and bodies using powerful regex patterns, applies IP/DNS/TOR blacklists, enforces geo‑IP restrictions, and throttles abusive traffic through configurable rate limits. Anomaly scoring aggregates rule matches to dynamically block suspicious requests.
Installation is done with a single script or a manual build using xcaddy. Once compiled, the middleware is activated in a Caddyfile block that points to the rule, IP blacklist, DNS blacklist and metrics endpoints. File watchers automatically reload updated rule or blacklist files, providing zero‑downtime protection updates. Metrics are exposed as JSON for Prometheus, ELK or custom dashboards, and custom response handling lets you tailor block messages.
Ideal for DevOps teams and security engineers running APIs, microservices, or static sites behind Caddy who need granular, programmable request inspection without adding a separate appliance. The solution balances deep security controls with the simplicity of Caddy’s configuration model.
Prevent brute‑force login attempts
Rate limiting blocks excessive requests to authentication endpoints, reducing credential stuffing.
Block malicious traffic from known sources
IP and DNS blacklists automatically drop requests from attackers and TOR exit nodes.
Comply with regional access policies
Geo‑blocking restricts or allows traffic based on country, supporting GDPR or licensing requirements.
Monitor attack patterns in real time
Metrics endpoint feeds Prometheus dashboards, enabling alerts on anomaly scores and blocked request spikes.
Place updated JSON or blacklist files in the configured paths; the file watcher reloads them automatically.
The middleware uses MaxMind’s free GeoLite2 database; you must download it yourself as shown in the installation steps.
Yes, regex rules can inspect any part of the request, including headers, URL, query strings and body.
The /waf_metrics endpoint exposes JSON that can be scraped or transformed for Prometheus metrics.
It runs inside Caddy, so any application served through Caddy (static sites, APIs, microservices) benefits from the protection.