

Web Application Firewalls (WAFs) have become an essential component of web security, acting as gatekeepers to protect web applications from a variety of cyber threats.

Rule Sets

One of the main components of the open source WAF ecosystem is the OWASP® ModSecurity Core Rule Set (CRS), a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts, and it provides protection against many common attack categories.


Open source solutions

Coraza (1.6k★) “OWASP Coraza WAF is a golang modsecurity compatible web application firewall library”

Coraza is an open source, enterprise-grade, high performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set v4. ➜ lists 3 solutions below

ModSecurity (5.4k★) “ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave’s SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…”

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

Shadow Daemon (250★) “Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.”

NAXSI (4k★) “NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX”
→ Moved to:

Videur (dead project) “Videur is a Lua library for OpenResty that will automatically parse an API specification file provided by a web server and proxy incoming Nginx requests to that server.” Maybe some interesting ideas there.
Discussion here:
(Saved at ~/ghq/

See also

Not open source


Page last modified: 2024-03-21 12:01:48