# loveshell/ngx_lua_waf

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/loveshell-ngx-lua-waf).**

4,025 stars · 1,457 forks · Lua

## Links

- GitHub: https://github.com/loveshell/ngx_lua_waf
- awesome-repositories: https://awesome-repositories.com/repository/loveshell-ngx-lua-waf.md

## Description

ngx_lua_waf is an OpenResty web application firewall written in Lua that inspects incoming HTTP requests and blocks web attacks before they reach the application behind Nginx. It runs inside the Nginx request pipeline as a programmable request filter and IP access controller, adding a layer that identifies and blocks unauthorized scanners, fuzzing attempts, and abnormal requests.

It includes HTTP layer 7 DDoS mitigation that caps the request frequency allowed per client IP address. It also blocks web access to sensitive archives such as backup files and denies script execution in upload directories, so that neither can be used to leak data.

Detection is regular-expression matching of rule sets against the request URL, headers, cookies, and POST body, which catches threats such as SQL injection and XSS. It also provides administrative tools for IP white-lists and black-lists, logs security events for auditing, and can synchronize its firewall rules from a remote server.
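The checks the description lists (IP white-list and black-list, a per-IP request-frequency cap, scanner detection, and regex rule sets run against the User-Agent, URL, arguments, cookie and POST body) as an added Python model of one request's decision path. This is example code written for this page, not ngx_lua_waf's own Lua; the rule patterns, CIDR ranges, sample requests, window sizes and the order in which the checks run are assumptions chosen for illustration.

```python
import re
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import unquote, unquote_plus

@dataclass
class Request:
    """Fields a layer-7 WAF inspects (constructed model, not the project's types)."""
    ip: str
    path: str
    query: str = ""
    headers: dict = field(default_factory=dict)
    cookie: str = ""
    body: str = ""

# Illustrative regex rule files keyed by category: assumptions for this example, not
# ngx_lua_waf's shipped rules (those are PCRE for ngx.re; Python re is not identical).
RULES = {
    "user-agent": [r"(?i)(sqlmap|nikto|acunetix|nessus|apachebench)"],
    "url": [r"\.(svn|git|bak|sql|zip|rar|tar\.gz)$",        # backups and archives
            r"^/(uploads?|attachments?|images?)/.*\.php$"],   # scripts in upload dirs
    "args": [r"(?i)\b(union\s+select|select\s.+\sfrom|sleep\(\d+\)|benchmark\()",
             r"(?i)<script", r"\.\./"],
    "cookie": [r"(?i)\b(union\s+select|sleep\(\d+\))"],
    "post": [r"(?i)<\?php", r"(?i)\b(union\s+select|sleep\(\d+\))"],
}

class FixedWindowLimiter:
    """Per-IP counter that resets when its window expires (a shared-dict entry with a TTL)."""
    def __init__(self, limit, window_seconds, clock):
        self.limit, self.window, self.clock = limit, window_seconds, clock
        self._state = {}  # ip -> (count, window_expiry)

    def exceeded(self, ip):
        now = self.clock()
        count, expiry = self._state.get(ip, (0, 0.0))
        if now >= expiry:  # window elapsed: start a fresh count
            count, expiry = 0, now + self.window
        self._state[ip] = (count + 1, expiry)
        return count + 1 > self.limit

def ip_in(ip, cidrs):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

class Waf:
    def __init__(self, allow_cidrs, deny_cidrs, rules, limiter):
        self.allow, self.deny, self.limiter = allow_cidrs, deny_cidrs, limiter
        self.rules = {c: [re.compile(p) for p in ps] for c, ps in rules.items()}

    def decide(self, req):
        """(action, reason); white-list, black-list, rate cap, then rule categories."""
        if ip_in(req.ip, self.allow):
            return "allow", "ip white-listed"
        if ip_in(req.ip, self.deny):
            return "block", "ip black-listed"
        if self.limiter.exceeded(req.ip):
            return "ratelimit", "per-ip request frequency exceeded"
        headers = {k.lower(): v for k, v in req.headers.items()}
        # Percent-decode before matching so URL-encoded payloads cannot slip past the regexes.
        checks = [("user-agent", headers.get("user-agent", "")), ("url", unquote(req.path)),
                  ("args", unquote_plus(req.query)), ("cookie", unquote_plus(req.cookie)),
                  ("post", unquote_plus(req.body))]
        for category, text in checks:
            for rx in self.rules[category]:
                if rx.search(text):
                    return "block", f"{category} rule {rx.pattern}"
        return "allow", "no rule matched"

UA = {"User-Agent": "Mozilla/5.0"}
SAMPLES = {  # constructed requests for the demo, not captured traffic
    "benign": Request("203.0.113.10", "/index.html", headers=UA),
    "sqli_encoded_arg": Request("203.0.113.11", "/item", "id=1%27+UNION+SELECT+pw+FROM+users", UA),
    "backup_download": Request("203.0.113.11", "/db.sql", headers=UA),
    "php_in_uploads": Request("203.0.113.11", "/uploads/avatar.php", headers=UA),
    "sqlmap_ua": Request("203.0.113.11", "/", headers={"User-Agent": "sqlmap/1.7"}),
    "webshell_body": Request("203.0.113.11", "/upload", headers=UA, body="f=%3C%3Fphp+system%28%24c%29%3B"),
    "blacklisted_ip": Request("198.51.100.5", "/index.html", headers=UA),
    "whitelisted_ip_sqli": Request("10.0.0.5", "/item", "id=1 union select 1", UA),
}

def run_samples(limit=100, window=60):
    """Run every sample through one WAF instance; returns {name: action}."""
    limiter = FixedWindowLimiter(limit, window, lambda: 0.0)
    waf = Waf(["10.0.0.0/8"], ["198.51.100.0/24"], RULES, limiter)
    return {name: waf.decide(req)[0] for name, req in SAMPLES.items()}

def rate_limit_demo(limit=100, window=60):
    """limit+1 requests from one IP inside a window, then one more after it expires."""
    now = [0.0]  # mutable fake clock so the window can be advanced deterministically
    waf = Waf([], [], RULES, FixedWindowLimiter(limit, window, lambda: now[0]))
    req = Request("203.0.113.12", "/index.html", headers=UA)
    within = [waf.decide(req)[0] for _ in range(limit)]
    over = waf.decide(req)[0]
    now[0] += window
    return all(a == "allow" for a in within), over, waf.decide(req)[0]
```

Two caveats worth keeping in mind when reading the model: the white-list check runs first, so a white-listed source bypasses every later rule, which is exactly why such lists should be narrow; and a fixed-window counter lets a client spend its full quota at the end of one window and again at the start of the next, so a 100/60 cap can admit close to 200 requests in a few seconds around the boundary. The regexes here use Python's `re` syntax and are not drop-in PCRE rules for `ngx.re`.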

## Tags

### DevOps & Infrastructure

- [NGINX Extensions](https://awesome-repositories.com/f/devops-infrastructure/nginx-extensions.md) — Implements security logic as a programmable extension within the Nginx request processing pipeline using Lua.
- [Access Control Lists](https://awesome-repositories.com/f/devops-infrastructure/network-traffic-controllers/access-control-lists.md) — Controls network traffic by permitting or blocking requests based on defined IP white-lists and black-lists. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/README.md))
- [Traffic Management](https://awesome-repositories.com/f/devops-infrastructure/traffic-management.md) — Controls traffic based on IP lists and per-IP request-frequency limits to protect server resources from exhaustion. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/waf.lua))

### Security & Cryptography

- [Web Application Firewalls](https://awesome-repositories.com/f/security-cryptography/web-application-firewalls.md) — Implements a web application firewall that protects services from SQL injection and XSS via real-time HTTP traffic inspection.
- [Denial of Service Prevention](https://awesome-repositories.com/f/security-cryptography/denial-of-service-prevention.md) — Mitigates high-frequency stress testing and coordinated attacks by limiting the request rate per IP address. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/README.md))
- [DoS Attack Defenses](https://awesome-repositories.com/f/security-cryptography/dos-attack-defenses.md) — Prevents server resource exhaustion by implementing defenses against flooding and DoS attack patterns.
- [File Upload Security](https://awesome-repositories.com/f/security-cryptography/file-upload-security.md) — Scans POST data and uploaded file extensions for malicious patterns to prevent injection and file-upload attacks. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/waf.lua))
- [Payload Inspection](https://awesome-repositories.com/f/security-cryptography/file-upload-security/upload-filter-bypass-payloads/payload-inspection.md) — Analyzes request bodies and uploaded file extensions for malicious patterns to stop injection and file-upload threats.
- [Malicious Traffic Blocking](https://awesome-repositories.com/f/security-cryptography/malicious-traffic-blocking.md) — Filters incoming network traffic to block unauthorized scanners, fuzzing attempts, and other malicious request patterns.
- [Request Body Inspection](https://awesome-repositories.com/f/security-cryptography/remote-access-management/content-access-controllers/request-body-inspection.md) — Inspects URLs, POST bodies, and cookies for malicious patterns to block abnormal network requests. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/README.md))
- [Scanner Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/scanner-traffic-filtering.md) — Inspects request methods, headers, and cookies to identify and block unauthorized scanners and malicious traffic. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/waf.lua))
- [Web Attack Blocking](https://awesome-repositories.com/f/security-cryptography/web-attack-blocking.md) — Filters incoming requests for common injection and fuzzing attempts using configurable regular expression rules. ([source](https://github.com/loveshell/ngx_lua_waf/blob/master/README.md))
- [Remote Rule Synchronization](https://awesome-repositories.com/f/security-cryptography/custom-detection-rules/prebuilt-detection-rule-packs/remote-rule-synchronization.md) — Updates firewall protection patterns by downloading and synchronizing new configuration files from a remote server.
- [IP Allow/Deny Lists](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/deny-list-policies/ip-allow-deny-lists.md) — Manages access to the server by permitting or blocking requests based on defined IP white-lists and black-lists.
- [Path Access Restrictions](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/path-access-restrictions.md) — Blocks unauthorized access to sensitive archives and prevents script execution in specific directories.
- [Sensitive File Protections](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/sensitive-file-protections.md) — Blocks public web access to sensitive archives and prevents script execution in upload directories to prevent data leakage.

### Part of an Awesome List

- [Network Request Filters](https://awesome-repositories.com/f/awesome-lists/data/regular-expressions/regular-expression-filtering/network-request-filters.md) — Uses regular expression rules to inspect and block common web threats such as SQL injection and XSS. ([source](https://github.com/loveshell/ngx_lua_waf#readme))
- [Programmable Request Filters](https://awesome-repositories.com/f/awesome-lists/data/regular-expressions/regular-expression-filtering/network-request-filters/programmable-request-filters.md) — Provides a programmable Lua-based engine to scan HTTP headers and request bodies for malicious injection patterns.
- [Regex Pattern Matching](https://awesome-repositories.com/f/awesome-lists/devtools/regex-and-pattern-matching/regex-pattern-matching.md) — Scans request headers and bodies against predefined regular expression rules to identify and block web attacks.
- [Layer 7 Rate Limiters](https://awesome-repositories.com/f/awesome-lists/security/ddos-mitigation/layer-7-rate-limiters.md) — Mitigates Layer 7 DDoS attacks by restricting the frequency of requests allowed from a single IP address.

### Networking & Communication

- [IP Address Filtering](https://awesome-repositories.com/f/networking-communication/ip-address-filtering.md) — Filters network traffic by comparing client IP addresses against configured white-lists and black-lists.

### Software Engineering & Architecture

- [IP-Based Rate Limiting](https://awesome-repositories.com/f/software-engineering-architecture/traffic-management/request-rate-limiting/ip-based-rate-limiting.md) — Prevents denial of service attacks by restricting the number of requests allowed per IP address.

### System Administration & Monitoring

- [Firewall Rule Synchronization](https://awesome-repositories.com/f/system-administration-monitoring/user-group-management/firewall-rule-synchronization.md) — Synchronizes firewall security policies by downloading new rule files from a remote server. ([source](https://github.com/loveshell/ngx_lua_waf#readme))
