# Self-Hosted Web Application Firewalls

> Search results for `self-hosted web application firewall to block malicious traffic` on awesome-repositories.com. 117 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/self-hosted-web-application-firewall-to-block-malicious-traffic

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/self-hosted-web-application-firewall-to-block-malicious-traffic).**

## Results

- [chaitin/safeline](https://awesome-repositories.com/repository/chaitin-safeline.md) (21,527 ⭐) — SafeLine is a containerized web application firewall and reverse proxy designed to secure web services by inspecting incoming HTTP traffic. It acts as a security gateway that sits in front of backend infrastructure to filter malicious requests and enforce access policies before they reach the application server.

The platform distinguishes itself through advanced bot mitigation and content protection capabilities. It employs challenge-response mechanisms to verify human users and dynamically obfuscates HTML and JavaScript content to prevent unauthorized scraping and code tampering. These featu
- [crowdsecurity/crowdsec](https://awesome-repositories.com/repository/crowdsecurity-crowdsec.md) (12,574 ⭐) — CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions.

What distinguishes the project is its decoupled enforcement model, which offl
- [awesome-selfhosted/awesome-selfhosted](https://awesome-repositories.com/repository/awesome-selfhosted-awesome-selfhosted.md) (299,516 ⭐) — This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure.

The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis
- [faizann24/fwaf-machine-learning-driven-web-application-firewall](https://awesome-repositories.com/repository/faizann24-fwaf-machine-learning-driven-web-application-firewall.md) (437 ⭐) — Machine learning driven web application firewall to detect malicious queries with high accuracy.
- [qax-os/excelize](https://awesome-repositories.com/repository/qax-os-excelize.md) (20,682 ⭐) — Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization.

The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o
- [getsentry/self-hosted](https://awesome-repositories.com/repository/getsentry-self-hosted.md) (9,426 ⭐) — This project is a containerized error tracking platform and monitoring suite designed for self-hosted deployment on private infrastructure. It provides a collection of services for capturing and analyzing software crashes and exceptions, ensuring that sensitive application data remains within a controlled environment.

The system includes specialized tooling for air-gapped deployment, allowing the software to be installed and operated on servers without internet access through the manual transfer of container images. It also supports corporate network integration via proxy configurations to ma
- [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management.

The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party servi
- [shynoiddev/firewall-blocks](https://awesome-repositories.com/repository/shynoiddev-firewall-blocks.md) (0 ⭐)
- [capsoftware/cap](https://awesome-repositories.com/repository/capsoftware-cap.md) (17,026 ⭐) — Cap is a self-hosted screen recording and video collaboration platform designed for teams to replace synchronous meetings with asynchronous video updates. It provides a comprehensive suite for capturing high-resolution desktop activity, including system audio, microphone input, and camera overlays, which are then processed through an integrated post-production workflow.

The platform distinguishes itself by offering full data sovereignty through containerized deployment and object storage abstractions, allowing users to host their media assets on private infrastructure or S3-compatible buckets
- [stoatchat/self-hosted](https://awesome-repositories.com/repository/stoatchat-self-hosted.md) (2,497 ⭐) — This project is a self-hosted communication suite and private messaging infrastructure. It is a containerized chat platform designed for deployment on independent hardware to maintain full control over user data and server dependencies.

The system features a modular plugin framework that allows custom features and behaviors to be loaded into the client at runtime via manifest files. It is designed as a proxy-compatible service, supporting configurable network port routing to operate behind external reverse proxy servers.

The platform covers capabilities for containerized service orchestratio
- [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane.

The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
- [donnemartin/system-design-primer](https://awesome-repositories.com/repository/donnemartin-system-design-primer.md) (353,387 ⭐) — This project is a comprehensive educational resource and study guide focused on distributed systems architecture and backend infrastructure design. It provides a structured curriculum for mastering the principles of scalability, reliability, and performance required to design complex software systems.

The repository distinguishes itself by offering a methodical approach to technical interview preparation, incorporating design patterns, architectural trade-offs, and spaced repetition tools to help users retain complex concepts. It emphasizes constraint-driven analysis, teaching users how to ev
- [datawranglerai/self-host-n8n-on-gcr](https://awesome-repositories.com/repository/datawranglerai-self-host-n8n-on-gcr.md) (608 ⭐) — Self-host n8n on Google Cloud without the subscription fees or server headaches - because your automation workflows shouldn't cost more than your coffee budget
- [bunkerity/bunkerized-nginx](https://awesome-repositories.com/repository/bunkerity-bunkerized-nginx.md) (10,629 ⭐) — Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules.

The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
- [amruthpillai/reactive-resume](https://awesome-repositories.com/repository/amruthpillai-reactive-resume.md) (38,613 ⭐) — This project is a web-based platform designed for creating, managing, and sharing professional resumes. It functions as a structured document builder that integrates artificial intelligence to assist with content generation, editing, and analysis. Users can maintain a collection of resumes, customize their visual presentation through various templates, and export them into multiple formats for job applications.

The platform distinguishes itself through its autonomous AI agent capabilities, which can perform research, suggest incremental edits, and apply data patches directly to documents. It
- [nightflame2/karma-firewall](https://awesome-repositories.com/repository/nightflame2-karma-firewall.md) (0 ⭐) — Karma Firewall is the safest, most trusted Android Firewall.
- [amidaware/tacticalrmm](https://awesome-repositories.com/repository/amidaware-tacticalrmm.md) (4,161 ⭐) — TacticalRMM is a remote monitoring and management platform designed for overseeing endpoints and automating IT administration. It functions as an endpoint management tool and IT automation framework, providing a centralized dashboard for executing scripts, monitoring system health, and managing remote devices across multiple tenants.

The platform distinguishes itself through a comprehensive remote administration suite that includes real-time shell access, remote file management, and registry editing. It integrates with third-party remote desktop software and provides a hierarchical policy inh
- [jonaslejon/malicious-pdf](https://awesome-repositories.com/repository/jonaslejon-malicious-pdf.md) (4,070 ⭐) — This project is a set of specialized utilities for generating malformed documents, obfuscating payloads, and crafting specific attack vectors to evaluate the resilience of security scanners. It functions as a PDF fuzzing framework and security testing tool designed to create PDF files with embedded payloads for verifying how document viewers and web applications handle vulnerabilities.

The toolkit provides capabilities for encoding and hiding malicious content to test the detection effectiveness of security scanners. It includes a security payload generator for crafting specific attack vector
- [coollabsio/coolify](https://awesome-repositories.com/repository/coollabsio-coolify.md) (57,055 ⭐) — This project is a self-hosted platform-as-a-service that provides a centralized management interface for deploying, configuring, and monitoring containerized applications and databases on private infrastructure. It functions as a visual control plane, automating the end-to-end lifecycle of services from source code to production. By managing container orchestration, networking, and resource allocation, it allows users to maintain full control over their own hardware while streamlining the delivery of software.

The platform distinguishes itself through its agentless architecture, which uses se
- [allinssl/allinssl](https://awesome-repositories.com/repository/allinssl-allinssl.md) (3,359 ⭐) — Allinssl is a multi-platform certificate manager and ACME automator designed to handle the full lifecycle of security certificates. It provides a web-based management interface to orchestrate the issuance, renewal, and deployment of certificates across various servers and cloud environments.

The system distinguishes itself through an orchestration engine that pushes certificates to diverse targets, including web application firewalls, server control panels, and remote hosts. It automates domain ownership verification using DNS challenges across multiple providers and employs an event-driven w
- [gravitl/netmaker](https://awesome-repositories.com/repository/gravitl-netmaker.md) (11,630 ⭐) — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration.

The platform distinguishes itself through its focus on zero-trust network access and soft
- [globaldatanet/aws-firewall-factory](https://awesome-repositories.com/repository/globaldatanet-aws-firewall-factory.md) (256 ⭐) — Enhance the security of your web applications effortlessly with AWS Firewall Factory. Safeguard your valuable assets through seamless WAF deployment, updates, and staging, all centrally managed with AWS Firewall Manager.
- [transitapp/gtfs-blocks-to-transfers](https://awesome-repositories.com/repository/transitapp-gtfs-blocks-to-transfers.md) (9 ⭐) — Converts GTFS blocks, defined by setting trip.block_id, into a series of trip-to-trip transfers (GTFS specification). Uses configurable heuristics to predict whether two trips are connected as in-seat transfers or as vehicle continuations only. This tool also validates predefined trip-to-trip…
- [traefik/traefik](https://awesome-repositories.com/repository/traefik-traefik.md) (63,644 ⭐) — Traefik is a cloud-native edge router and API gateway designed to manage service communication and traffic flow across distributed infrastructure. It functions as a dynamic service proxy that automatically discovers backend services and configures routing rules in real time, eliminating the need for manual restarts or complex configuration updates. By integrating directly with container orchestrators and service registries, it maintains a consistent state for network traffic, load balancing, and security policy enforcement.

The project distinguishes itself through its deep integration with di
- [coder/code-server](https://awesome-repositories.com/repository/coder-code-server.md) (78,024 ⭐) — This project provides a remote development platform that enables users to access a full-featured integrated development environment through a standard web browser. By decoupling the user interface from the server-side filesystem, it allows for persistent coding workspaces to be hosted on remote servers, virtual machines, or cloud-native infrastructure, ensuring a consistent development experience from any device.

The platform distinguishes itself through a secure gateway architecture that manages traffic, authentication, and encryption at the edge. It utilizes persistent WebSocket connections
- [gyulyvgc/sniffnet](https://awesome-repositories.com/repository/gyulyvgc-sniffnet.md) (39,325 ⭐) — This application is a desktop network traffic analyzer that provides real-time monitoring and forensic inspection of data packets. By interfacing directly with low-level system drivers, it captures raw network traffic from physical or virtual adapters to identify communication patterns, track bandwidth usage, and diagnose connectivity issues.

The system distinguishes itself through an immediate-mode graphical interface that rebuilds the display state every frame, ensuring high responsiveness during live data updates. It maintains performance by using asynchronous message passing to decouple t
- [dubinc/dub](https://awesome-repositories.com/repository/dubinc-dub.md) (23,722 ⭐) — This project is a comprehensive link management and marketing attribution platform designed for creating, tracking, and analyzing shortened URLs. It functions as a centralized hub for marketing analytics, providing tools to monitor link performance, visualize conversion funnels, and manage affiliate programs through a unified dashboard.

The platform distinguishes itself by integrating advanced attribution modeling and partner management directly into the link infrastructure. It supports complex marketing workflows, including automated commission calculations, fraud detection, and payout distr
- [googlehosts/hosts](https://awesome-repositories.com/repository/googlehosts-hosts.md) (20,619 ⭐) — This project is a curated collection of domain-to-IP mappings designed to bypass network censorship and restore access to restricted web services. It provides a set of host file entries and static domain mapping files that allow users to redirect blocked traffic to accessible mirrors or proxy servers.

The system functions by prioritizing local host entries over external DNS responses. It utilizes plain-text configuration files that are intended for manual injection into a system's hosts file to override default name resolution.

The project covers network connectivity and DNS override managem
- [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows.

The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by a
- [slskd/slskd](https://awesome-repositories.com/repository/slskd-slskd.md) (2,784 ⭐) — slskd is a headless network daemon and peer-to-peer file-sharing server for the Soulseek network. It functions as a network client and API gateway, allowing users to search for and share files via a web interface or a REST API.

The project distinguishes itself through a focus on automation and remote management, featuring event-driven triggers that can execute system scripts or send webhooks. It supports advanced network routing via SOCKS5 proxies and provides a flexible deployment model that includes a dockerized client with volume mapping and environment-based configuration.

The system cov
- [wallarm/api-firewall](https://awesome-repositories.com/repository/wallarm-api-firewall.md) (651 ⭐) — Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
- [cisofy/lynis](https://awesome-repositories.com/repository/cisofy-lynis.md) (15,284 ⭐) — Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses.

The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom
- [blocks/blocks](https://awesome-repositories.com/repository/blocks-blocks.md) (5,089 ⭐) — A JSX-based page builder for creating beautiful websites without writing code
- [stamparm/maltrail](https://awesome-repositories.com/repository/stamparm-maltrail.md) (8,498 ⭐) — Maltrail is a malicious traffic detection system used for network intrusion detection. It consists of a network intrusion sensor for monitoring interfaces, a threat intelligence aggregator for syncing blacklists, and a detection engine that identifies security threats through signature matching and heuristic attack patterns.

The system distinguishes itself through a distributed sensor architecture that collects traffic data from multiple remote probes and forwards events to a central analysis server. It employs heuristic behavioral analysis to identify unknown threats, such as port scanning o
- [mastodon/mastodon](https://awesome-repositories.com/repository/mastodon-mastodon.md) (50,053 ⭐) — Mastodon is a self-hosted, decentralized social networking platform that functions as a microblogging application. It enables independent server instances to communicate and exchange social data through the standardized ActivityPub protocol, allowing users to participate in a global, interoperable network.

The platform distinguishes itself through its federated architecture, which grants administrators full control over their community instances. This includes comprehensive tools for user moderation, account management, and the enforcement of community guidelines. The system is designed to ha
- [osrf/traffic-editor](https://awesome-repositories.com/repository/osrf-traffic-editor.md) (161 ⭐) — GUI, CLI, and ROS 2 messages for robot traffic flows in buildings
- [google/blockly](https://awesome-repositories.com/repository/google-blockly.md) (13,436 ⭐) — Blockly is a block-based coding library and visual programming editor that allows users to build programs by interlocking graphical blocks. It functions as a visual code generator, translating these arrangements of logic blocks and variables into executable source code for various programming languages.

The library provides a framework for creating custom visual programming languages and low-code logic designers. It utilizes an SVG-based UI library to render interactive, draggable elements on a web canvas.

The system is designed as an accessible web UI framework with integrated keyboard navi
- [fail2ban/fail2ban](https://awesome-repositories.com/repository/fail2ban-fail2ban.md) (17,993 ⭐) — Fail2ban is an intrusion prevention system that monitors system log files to detect malicious activity and automatically enforce security policies. By parsing log data in real time, the tool identifies patterns of unauthorized access or repeated authentication failures and responds by dynamically updating network access control lists to restrict offending sources.

The software functions as a firewall automation tool that maintains stateful tracking of suspicious behavior across various network services. It utilizes a regex-driven pattern matching engine to identify specific attack signatures,
- [docmost/docmost](https://awesome-repositories.com/repository/docmost-docmost.md) (19,049 ⭐) — Docmost is an open-source knowledge management system designed as a collaborative documentation platform for teams. It functions as an enterprise wiki that centralizes organizational information into structured, searchable workspaces, enabling users to create, organize, and share content through a hierarchical system of spaces and pages.

The platform distinguishes itself by integrating artificial intelligence directly into the documentation lifecycle. It utilizes vector-based semantic search to allow for natural language queries across stored content and provides AI-assisted tools for draftin
- [chatwoot/chatwoot](https://awesome-repositories.com/repository/chatwoot-chatwoot.md) (31,959 ⭐) — Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact.

The platform distinguishes itself through an eve
- [raspberrypifoundation/blockly](https://awesome-repositories.com/repository/raspberrypifoundation-blockly.md) (13,437 ⭐) — Blockly is a web-based visual programming editor and block-based code generator. It allows users to create programs by interlocking graphical blocks that translate into executable source code for various programming languages, removing the need for manual syntax entry.

The project serves as a customizable framework for building specialized visual languages through a customizable block library. It includes a visual block designer for defining custom shapes, behaviors, and specialized input fields, as well as a plugin system to extend the editor's environment.

The system manages programming lo
- [henrypp/simplewall](https://awesome-repositories.com/repository/henrypp-simplewall.md) (8,044 ⭐) — Simplewall is an application firewall manager and network traffic filter that provides a graphical interface for the Windows Filtering Platform. It controls inbound and outbound network access for individual programs and services by intercepting and filtering traffic at the kernel level.

The project identifies specific binaries using file hashes to prevent spoofing and allows users to define custom firewall rules based on IP addresses, CIDR ranges, and port numbers. It includes a system for blocking operating system telemetry and managing blocklists of known malicious IP addresses.

The tool
- [athensresearch/athens](https://awesome-repositories.com/repository/athensresearch-athens.md) (6,298 ⭐) — Athens is no longer maintained. Athens was an open-source, collaborative knowledge graph, backed by YC W21
- [n8n-io/self-hosted-ai-starter-kit](https://awesome-repositories.com/repository/n8n-io-self-hosted-ai-starter-kit.md) (14,997 ⭐) — This project provides a dockerized AI workflow stack and orchestration templates for deploying a self-hosted AI environment. It establishes a localized infrastructure for building autonomous agents and model chains that process private data on-premises without external cloud dependencies.

The environment is designed to support autonomous agent development, allowing models to dynamically select tools, execute shell commands, and interact with local file systems. It includes integrated vector database support to enable retrieval augmented generation and private document analysis.

The stack cov
- [linuxserver/docker-swag](https://awesome-repositories.com/repository/linuxserver-docker-swag.md) (3,608 ⭐) — This project is a Docker-based web gateway and Nginx reverse proxy manager. It functions as a containerized network edge designed to route incoming HTTP and HTTPS traffic to backend services using subdomains and subfolders.

The system automates the procurement and renewal of Let's Encrypt SSL certificates via the ACME protocol and various DNS plugins. It includes a mechanism to export and share these certificates through persistent volumes so other containers can utilize the same encryption keys.

Security is handled through a combination of server intrusion prevention, using Fail2Ban to moni
- [gitroomhq/postiz-app](https://awesome-repositories.com/repository/gitroomhq-postiz-app.md) (32,271 ⭐) — Postiz is an open-source social media management platform designed to centralize the scheduling, publishing, and analysis of content across diverse social networks, community forums, and blogging platforms. It functions as a unified hub where users can coordinate, review, and distribute content through a shared team workspace, while leveraging integrated artificial intelligence to assist in drafting text and generating multimedia assets.

The platform distinguishes itself through a modular architecture that utilizes a provider-specific adapter pattern to ensure consistent content distribution
- [oisf/suricata](https://awesome-repositories.com/repository/oisf-suricata.md) (6,008 ⭐) — Suricata is an open-source network intrusion detection and prevention engine that analyzes live network traffic in real-time to identify and alert on malicious activity. It operates as a rule-based threat detection system, matching traffic against user-defined signatures to detect known attack patterns and policy violations, and can be placed inline to actively block malicious packets before they reach their target. The engine inspects a wide range of application-layer protocols including HTTP, DNS, TLS, SMB, and MQTT, and supports high-performance packet capture through specialized hardware a
- [stevenblack/hosts](https://awesome-repositories.com/repository/stevenblack-hosts.md) (30,553 ⭐) — This project provides a system-wide content filtering utility that controls network traffic by redirecting domain resolution requests to local null addresses. By mapping unwanted hostnames to these addresses at the operating system level, it effectively blocks connections to advertising, tracking, and malicious domains across all applications on a machine.

The core of the system is a data-driven build pipeline that aggregates multiple curated source lists into a single, unified configuration file. This process is highly customizable, allowing users to employ declarative filtering logic throug
- [filebrowser/filebrowser](https://awesome-repositories.com/repository/filebrowser-filebrowser.md) (35,212 ⭐) — File Browser is a self-hosted application that provides a web-based interface for managing files and directories on a server. It functions as a virtual file system abstraction, allowing users to browse, organize, and edit text-based files directly within their browser without requiring local access to the server.

The platform distinguishes itself through a comprehensive command-line interface that enables full administrative control over system configurations, user accounts, and automation hooks. It supports a flexible, event-driven architecture where custom shell scripts can be triggered aut
- [healthchecks/healthchecks](https://awesome-repositories.com/repository/healthchecks-healthchecks.md) (9,891 ⭐) — Healthchecks is a heartbeat monitoring service and cron job monitoring tool designed to track the execution and success of scheduled tasks and systemd timers. It functions as a dead man switch, alerting users when expected periodic signals from remote processes fail to arrive.

The system accepts health signals via HTTP and SMTP, allowing it to track infrastructure heartbeats from sources ranging from CI/CD workflows to network routers. It distinguishes itself by supporting the capture of diagnostic data, including exit codes and execution logs, and by calculating the duration between start an
