30 open-source projects similar to loveshell/ngx_lua_waf, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Ngx Lua Waf alternative.
Rack-attack is a middleware rate limiter and request filter for the Rack interface. It provides a system for throttling HTTP requests and maintaining IP address blocklists to protect applications from malicious traffic and denial-of-service attacks. The project enables application layer DDoS mitigation and API rate limit management by identifying and rejecting requests from banned clients or abusive IP addresses. It allows for the definition of safelists to bypass filters and uses custom logic to determine if a client should be blocked or throttled. The tool covers comprehensive traffic mana
This project is a collection of configuration files and scripts serving as a bot blocker and security middleware for Nginx. It functions as an automated blocklist manager that filters malicious user-agents and IP addresses to mitigate vulnerability scanning, login brute-forcing, and DDoS attacks. The system distinguishes itself by automating the maintenance of security rules, downloading updated bot definitions and reloading the server on a schedule. It also includes a search engine spam filter capable of generating robots.txt files and link disavow lists to prevent malicious domains from imp
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
LLM Guard is a security firewall and guardrail framework designed to scan and sanitize inputs and outputs for large language models. It functions as a proxy gateway and security layer to block prompt injections, toxicity, and sensitive data leakage while ensuring that model interactions remain compliant with organizational policies. The system distinguishes itself through a modular scanner pipeline that utilizes local model orchestration to eliminate external network dependencies. It supports real-time security filtering via streaming chunk analysis and implements a fail-fast execution model
Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments. It functions as a security policy manager, observability agent, and enforcement engine that hooks into kernel functions and tracepoints to detect privilege escalation, container escapes, and unauthorized system activity. The project distinguishes itself through its ability to perform real-time, in-kernel enforcement, allowing it to synchronously terminate malicious processes or modify function return values before a system call completes. It provides deep Kubernetes integration
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
afrog is an HTTP vulnerability scanner and web vulnerability management system that identifies security flaws and known CVEs using a YAML-based rule engine. It functions as a payload generator and scanner, comparing server responses against detection rules to find unauthorized access points. The project provides a framework for out-of-band security testing, detecting blind vulnerabilities by triggering and verifying external DNS or HTTP callbacks. Beyond web traffic, it includes a protocol fuzzer capable of executing multi-step read and write sequences over raw TCP and SSL sockets to identify
Jeesite is a full-stack low-code development framework designed for building enterprise administrative portals using Spring Boot, MyBatis, and Vue. It functions as a comprehensive platform for creating administrative dashboards with integrated role-based access control and organizational data permission systems. The framework distinguishes itself through a combination of automated CRUD code generation and an integrated RAG platform that connects large language models to enterprise data via vector stores. It further incorporates a BPMN-based workflow engine to automate complex business process
Opensnitch is a host-based application firewall for Linux that monitors and intercepts outbound network connections in real time. By hooking into kernel-level interfaces, it tracks system-wide network activity and maps connection attempts to specific local processes, allowing users to explicitly permit or deny traffic on a per-application basis. The project distinguishes itself through its ability to manage security policies across multiple distributed nodes from a single, unified dashboard. This centralized management is secured via encrypted socket communication, enabling consistent rule en
all-in-one is a containerized deployment system designed to install and manage a complete suite of productivity and collaboration services. It functions as a cloud suite deployer that orchestrates the installation of a self-hosted content platform, incorporating necessary dependencies via Docker or Kubernetes. The project distinguishes itself by providing a web-based dashboard for orchestrating, updating, and monitoring the lifecycle of service containers. It also serves as a local AI inference server, enabling the execution of generative text models, image diffusion, and speech processing on
Webhook.site is a web-based tool that captures, inspects, and debugs incoming HTTP requests and emails sent to a unique URL, without requiring any server setup. It also functions as an API mocking and response modification tool, capable of generating mock APIs from OpenAPI specifications and altering HTTP responses, headers, and status codes for testing purposes. Beyond inspection, it serves as a platform for webhook automation and workflow orchestration, triggering multi-step automations—including database queries, SSH commands, and HTTP calls—when a webhook is received. The service distingu
Excelize is a library for reading and writing spreadsheet files in the Office Open XML format. It provides a comprehensive suite of tools for programmatically creating, modifying, and analyzing workbooks, worksheets, and cell data, ensuring compatibility across various office software suites through structured XML serialization. The library distinguishes itself with a built-in formula calculation engine that evaluates complex mathematical and logical expressions directly against workbook data. It also features a memory-mapped streaming architecture, which allows for the efficient processing o
This project is an NGINX performance module and automatic page accelerator that optimizes web pages and associated assets to reduce load times. It functions as a web asset optimizer that minifies CSS and JavaScript and compresses images to reduce total data transfer. The system operates as an HTTP cache optimizer, modifying cache headers and extending asset lifetimes to decrease the frequency of repeat downloads. It automatically applies web performance best practices to accelerate page loading and improve delivery speed. The project covers broad capability areas including frontend asset com
BunkerWeb is a containerized suite of infrastructure tools that functions as a cloud-native web application firewall and Nginx reverse proxy. It provides a security layer for web applications, combining traffic routing with automated SSL certificate management and a web-based security dashboard for monitoring and configuration. The project distinguishes itself through its deep integration with container orchestrators, serving as a Kubernetes ingress controller that automates security settings and service discovery via container labels. It features a plugin-based extension model and a manageme
ModSecurity is an open-source web application firewall and security engine. It functions as an HTTP traffic inspector and intrusion detection system that filters incoming web requests and responses against a set of security rules to block threats and prevent attacks on web servers. The project provides a modular framework for implementing restrictive security policies and custom filtering logic. It identifies and blocks common injection attacks, such as cross-site scripting and SQL injection, while hardening web applications to reduce their overall attack surface. Its broader capabilities in
Coraza is a web application firewall engine designed to filter malicious HTTP traffic using standardized security directives. It functions as a library for embedding request filtering and security transaction processing directly into web servers or reverse proxies. The engine implements the ModSecurity WAF engine and the OWASP Core Rule Set to identify and block common web attack patterns. It utilizes a library-first integration model, allowing security capabilities to be embedded into a host process as a dependency rather than running as a standalone proxy. The project covers rule-based pat
sd is a command line text manipulation utility designed for searching and replacing text patterns across multiple files. It functions as a regex-based find and replace tool that allows for in-place file editing directly from the terminal. The project supports both regular expression replacements, including the use of capture groups for complex transformations, and fixed string replacement for literal text substitutions. It specifically handles multi-line text replacement by processing file contents as single blocks to match patterns that span across newline characters. The tool provides capa
Naxsi is a web application firewall for NGINX servers designed to protect web applications from attacks by inspecting HTTP traffic for malicious patterns and vulnerability signatures. It functions as a vulnerability signature filter that matches incoming requests against known markers for threats such as SQL injection and cross-site scripting. The system includes a learning system and an automated rule generation utility to reduce false positives. It analyzes website behavior over time to create traffic whitelists and security exceptions for legitimate traffic patterns. The project provides
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Azure Docs is the official technical documentation repository for Microsoft Azure, the cloud computing platform. It provides comprehensive guidance on the full spectrum of Azure services, covering everything from core infrastructure components like virtual machines, Kubernetes clusters, and serverless computing to platform services for AI, machine learning, data analytics, and storage. The documentation details how to provision, manage, and govern cloud resources at scale, including policy enforcement, identity management, and cost optimization. The documentation distinguishes Azure through i
Zen Desktop is a cross-platform proxy client and network request filter for Windows, macOS, and Linux. It functions as a system-wide ad blocker and privacy protection tool that intercepts network traffic across all operating system applications to block advertisements, trackers, and malware. The software employs a network request filtering system that modifies HTTP headers and prunes JSON data using custom rules and regular expressions. It specifically removes tracking parameters and sanitizes network headers to prevent activity monitoring. The project provides capabilities for blocklist man
mtail is a log-based metrics extractor and time-series monitoring agent. It functions as a log pattern parser that transforms unstructured log text into structured numerical monitoring data without requiring modifications to the original source code. The tool operates as a push-based telemetry pipeline, aggregating extracted metrics in memory before transmitting them to remote monitoring endpoints and time-series databases. Its capabilities cover log data telemetry, application performance monitoring, and custom log monitoring through a pipeline that moves parsed data from text logs to exter
This project is a Go-based HTTP proxy server designed as a censorship circumvention tool. It functions as an upstream proxy manager and SOCKS5 tunneling gateway that routes network traffic between clients and destination servers to bypass network restrictions. The system differentiates itself through automated proxy routing, which detects unreachable websites and automatically switches traffic between direct access and a pool of parent proxies. It includes a PAC file generator to produce proxy auto-config files for browsers and integrates SSH tunneling to establish secure remote sockets. Bro
Sprig is a comprehensive library of helper functions designed to extend the Go text template engine. It provides a wide array of custom functions that can be injected into the engine to enable complex data manipulation and logic directly within templates. The project offers specialized capabilities for cryptography, including the generation of private keys, X.509 certificates, and secure password hashes. It also includes advanced logic extensions for semantic versioning comparison, ternary evaluations, and the resolution of environment variables from the host operating system. The library co
This project is a Rack middleware rate limiter and application layer firewall for Ruby web applications. It serves as a security layer to throttle and block HTTP requests based on custom rules, protecting web servers from abusive traffic. The system provides capabilities for IP blocking and the banning of malicious clients. It implements request safelisting to bypass restrictions for trusted users and uses time-windowed rate limiting to control request frequency. The middleware covers traffic management and monitoring, including the ability to track request patterns and instrument traffic ev
JSON5 is a parser and serializer for a human-readable configuration format that extends JSON. It serves as a JavaScript-based data parser that allows for a more flexible version of the JSON specification to simplify manual editing of data files. The project provides capabilities to support comments, trailing commas, and multi-line strings. It includes utilities to convert this extended syntax into standard JSON for compatibility with tools requiring strict specifications. The library covers data serialization, string parsing, and structural syntax validation. It also provides integration for
Apkleaks is a static analysis tool and security auditor designed to extract hardcoded secrets, API endpoints, and sensitive data from Android application packages. It operates as a secret scanner that analyzes compiled binaries without executing them to identify potential information leaks and insecure endpoints. The tool utilizes a regex-based data extraction engine to identify sensitive strings within decompiled code. It supports customization through JSON-defined search patterns and provides configuration flags to tune the behavior of the underlying disassembler. The analysis pipeline enc
Adblock4limbo is a collection of JavaScript-based scripts and tools designed for web content filtering and advertisement blocking. It functions as a content filter and user script suite that removes pop-ups, banners, and trackers from websites. The project includes a bilingual web translator for side-by-side content translation, an M3U8 video link extractor for retrieving direct stream URLs, and a web content filter specifically designed to remove sponsored links and content farm entries from search engine results. Its capabilities extend to network traffic management, including request filt
This project is a collection of technical guides and configuration patterns for tuning Nginx server performance, managing traffic flow, and implementing protocol-aware routing. It provides a curated set of parameters and best practices to optimize request handling, memory usage, and CPU efficiency. The project includes a method for sharing a single port between different protocols by inspecting initial packets to route traffic to the correct backend. It also provides configuration patterns for implementing request rate limiting and range request restrictions to mitigate denial of service atta
Write-good is a command-line text analysis tool and English prose linter designed to identify grammatical errors and stylistic weaknesses. It functions as a readability optimization tool that scans documents to identify passive voice and wordy phrases. The system serves as a customizable prose style checker, allowing for the definition of specific language rules and forbidden terms to enforce project-specific writing guidelines. The tool provides capabilities for automated text analysis, style guide enforcement, and technical writing quality improvement. It supports the integration of custom