awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
loveshell avatar

loveshell/ngx_lua_waf

0
View on GitHub↗
4,025 stele·1,457 fork-uri·Lua·2 vizualizări

Ngx Lua Waf

ngx_lua_waf este un firewall pentru aplicații web (WAF) OpenResty care utilizează Lua pentru a filtra cererile HTTP malițioase și a bloca atacurile web. Acționează ca un filtru de cereri programabil și controler de acces IP pentru Nginx, oferind un strat de securitate pentru a identifica și bloca scanerele neautorizate, tentativele de fuzzing și cererile de rețea anormale.

Proiectul include capabilități pentru atenuarea DDoS la nivelul 7 HTTP prin restricționarea frecvenței cererilor per adresă IP. Securizează mediul suplimentar prin restricționarea accesului la arhive sensibile și blocarea execuției de scripturi în directoarele de upload pentru a preveni scurgerile de date.

Sistemul gestionează securitatea prin potrivirea modelelor de expresii regulate (regex) în URL-uri, headere, cookie-uri și corpuri POST pentru a bloca amenințări precum SQL injection și XSS. Oferă instrumente administrative pentru gestionarea listelor albe și negre de IP-uri, logarea evenimentelor de securitate pentru audit și sincronizarea regulilor de firewall de la un server remote.

Features

  • NGINX Extensions - Implements security logic as a programmable extension within the Nginx request processing pipeline using Lua.
  • Web Application Firewalls - Implements a web application firewall that protects services from SQL injection and XSS via real-time HTTP traffic inspection.
  • Network Request Filters - Uses regular expression rules to inspect and block common web threats such as SQL injection and XSS.
  • Programmable Request Filters - Provides a programmable Lua-based engine to scan HTTP headers and request bodies for malicious injection patterns.
  • Regex Pattern Matching - Scans request headers and bodies against predefined regular expression rules to identify and block web attacks.
  • Layer 7 Rate Limiters - Mitigates Layer 7 DDoS attacks by restricting the frequency of requests allowed from a single IP address.
  • Access Control Lists - Controls network traffic by permitting or blocking requests based on defined IP white-lists and black-lists.
  • IP Address Filtering - Filters network traffic by comparing client IP addresses against configured white-lists and black-lists.
  • Denial of Service Prevention - Mitigates high-frequency stress testing and coordinated attacks by limiting the request rate per IP address.
  • DoS Attack Defenses - Prevents server resource exhaustion by implementing defenses against flooding and DoS attack patterns.
  • File Upload Security - Scans POST data and uploaded file extensions for malicious patterns to prevent injection and file-upload attacks.
  • Payload Inspection - Analyzes request bodies and uploaded file extensions for malicious patterns to stop injection and file-upload threats.
  • Malicious Traffic Blocking - Filters incoming network traffic to block unauthorized scanners, fuzzing attempts, and other malicious request patterns.
  • Request Body Inspection - Inspects URLs, POST bodies, and cookies for malicious patterns to block abnormal network requests.
  • Scanner Traffic Filtering - Inspects request methods, headers, and cookies to identify and block unauthorized scanners and malicious traffic.
  • Web Attack Blocking - Filters incoming requests for common injection and fuzzing attempts using configurable regular expression rules.
  • IP-Based Rate Limiting - Prevents denial of service attacks by restricting the number of requests allowed per IP address.
  • Traffic Management - Controls traffic based on IP lists and concurrency limits to protect server resources from exhaustion.
  • Remote Rule Synchronization - Updates firewall protection patterns by downloading and synchronizing new configuration files from a remote server.
  • IP Allow/Deny Lists - Manages access to the server by permitting or blocking requests based on defined IP white-lists and black-lists.
  • Path Access Restrictions - Blocks unauthorized access to sensitive archives and prevents script execution in specific directories.
  • Sensitive File Protections - Blocks public web access to sensitive archives and prevents script execution in upload directories to prevent data leakage.
  • Firewall Rule Synchronization - Synchronizes firewall security policies by downloading new rule files from a remote server.

Istoric stele

Graficul istoricului de stele pentru loveshell/ngx_lua_wafGraficul istoricului de stele pentru loveshell/ngx_lua_waf

Căutare AI

Explorează mai multe repository-uri excelente

Descrie ce ai nevoie în limbaj simplu — AI-ul sortează mii de proiecte open source selectate în funcție de relevanță.

Start searching with AI

Alternative open-source pentru Ngx Lua Waf

Proiecte open-source similare, clasificate după numărul de funcționalități comune cu Ngx Lua Waf.
  • rack/rack-attackAvatar rack

    rack/rack-attack

    5,746Vezi pe GitHub↗

    Rack-attack is a middleware rate limiter and request filter for the Rack interface. It provides a system for throttling HTTP requests and maintaining IP address blocklists to protect applications from malicious traffic and denial-of-service attacks. The project enables application layer DDoS mitigation and API rate limit management by identifying and rejecting requests from banned clients or abusive IP addresses. It allows for the definition of safelists to bypass filters and uses custom logic to determine if a client should be blocked or throttled. The tool covers comprehensive traffic mana

    Rubyrackrack-attackrack-middleware
    Vezi pe GitHub↗5,746
  • mitchellkrogza/nginx-ultimate-bad-bot-blockerAvatar mitchellkrogza

    mitchellkrogza/nginx-ultimate-bad-bot-blocker

    4,750Vezi pe GitHub↗

    This project is a collection of configuration files and scripts serving as a bot blocker and security middleware for Nginx. It functions as an automated blocklist manager that filters malicious user-agents and IP addresses to mitigate vulnerability scanning, login brute-forcing, and DDoS attacks. The system distinguishes itself by automating the maintenance of security rules, downloading updated bot definitions and reloading the server on a schedule. It also includes a search engine spam filter capable of generating robots.txt files and link disavow lists to prevent malicious domains from imp

    Shelladwarebot-blockerbots
    Vezi pe GitHub↗4,750
  • microsoft/security-101Avatar microsoft

    microsoft/Security-101

    6,203Vezi pe GitHub↗

    Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular, framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do

    HTMLappseccia-triaddata-protection
    Vezi pe GitHub↗6,203
  • protectai/llm-guardAvatar protectai

    protectai/llm-guard

    2,561Vezi pe GitHub↗

    LLM Guard is a security firewall and guardrail framework designed to scan and sanitize inputs and outputs for large language models. It functions as a proxy gateway and security layer to block prompt injections, toxicity, and sensitive data leakage while ensuring that model interactions remain compliant with organizational policies. The system distinguishes itself through a modular scanner pipeline that utilizes local model orchestration to eliminate external network dependencies. It supports real-time security filtering via streaming chunk analysis and implements a fail-fast execution model

    Pythonadversarial-machine-learningchatgptlarge-language-models
    Vezi pe GitHub↗2,561
Vezi toate cele 30 alternative pentru Ngx Lua Waf→

Întrebări frecvente

Ce face loveshell/ngx_lua_waf?

ngxluawaf este un firewall pentru aplicații web (WAF) OpenResty care utilizează Lua pentru a filtra cererile HTTP malițioase și a bloca atacurile web. Acționează ca un filtru de cereri programabil și controler de acces IP pentru Nginx, oferind un strat de securitate pentru a identifica și bloca scanerele neautorizate, tentativele de fuzzing și cererile de rețea anormale.

Care sunt principalele funcționalități ale loveshell/ngx_lua_waf?

Principalele funcționalități ale loveshell/ngx_lua_waf sunt: NGINX Extensions, Web Application Firewalls, Network Request Filters, Programmable Request Filters, Regex Pattern Matching, Layer 7 Rate Limiters, Access Control Lists, IP Address Filtering.

Care sunt câteva alternative open-source pentru loveshell/ngx_lua_waf?

Alternativele open-source pentru loveshell/ngx_lua_waf includ: rack/rack-attack — Rack-attack is a middleware rate limiter and request filter for the Rack interface. It provides a system for… mitchellkrogza/nginx-ultimate-bad-bot-blocker — This project is a collection of configuration files and scripts serving as a bot blocker and security middleware for… microsoft/security-101 — Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into modular,… protectai/llm-guard — LLM Guard is a security firewall and guardrail framework designed to scan and sanitize inputs and outputs for large… cilium/tetragon — Tetragon is an eBPF-based runtime security and observability toolset designed for Linux and Kubernetes environments.… owasp/cheatsheetseries — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and…