5 Best Free and Open Source WAF for 2025

1. SafeLine

   1 182 16,069 9.3 Go

   SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.

   

   Link: SafeLine on GitHub

2. Judoscale

   judoscale.com featured

   Save 47% on cloud hosting with autoscaling that just works. Judoscale integrates with Django, FastAPI, Celery, and RQ to make autoscaling easy and reliable. Save big, and say goodbye to request timeouts and backed-up task queues.

   

3. ModSecurity

   2 2 7,940 - C++

   Discontinued ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. [Moved to: https://github.com/owasp-modsecurity/ModSecurity] (by SpiderLabs)

   

   Link: ModSecurity on GitHub

4. Awesome-WAF

   3 5 6,608 3.7 Python

   🔥 Web-application firewalls (WAFs) from security standpoint.

   

   Link: Awesome-WAF on GitHub

5. BunkerWeb

   4 24 7,837 9.9 Python

   🛡️ Open-source and next-generation Web Application Firewall (WAF)

   

   Link: BunkerWeb on GitHub

6. wafw00f

   5 5 5,602 6.4 Python

   WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

   

   Link: wafw00f on GitHub

7. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

Suggest a related project