🔥 Everything awesome about web-application firewalls (WAF).

WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Detect and bypass web application firewalls and protection systems

Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关，提供快速、安全的应用交付。

Web security protection system based on openresty

Linux Application Delivery Controller

Analysing parameters with all payloads' bypass methods, aiming at benchmarking security solutions like WAF.

A powerful PHP WAF for AWD

xWAF 3.0 - Free Web Application Firewall, Open-Source.

A guided mutation-based fuzzer for ML-based Web Application Firewalls

The Unified Web Administration Portal for Janusec Application Gateway (an application security solution which provides Web Application Firewall, unified web administration portal, private key protection, web routing and scalable load balancing).

WebCOP Firewall is advanced and PHP based web application firewall. Doesnt ask for root privileges.

Reinforced Mitigation Security Filter

A tool to perform DNS reconnaissance on target networks. Among the DNS information got from include subdomains, mx records, web application firewall detection and more fingerprinting and lookups

Signal Sciences Site Manager

Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.

F5 Agility Labs for Web Application Firewall Use Cases

Official NGINX compiled with NBS System NAXSI

PHP Web Application Firewall

Convert CIDR ranges into the ranges allowed by AWS WAF IP Sets

OCS-WAF: a Web Application Firewall based on anomaly detection using One-Class SVM classifier

Provision Azure Application Gateway to protect an existing Azure Web site

PowerShell script creating Azure App Gateway, App Service Web App and Azure SQL DB

Anomaly Detection with Spark Machine Learning

Avoid malicious payloads with machine learning!

A reverse proxy for golang that allows requests to be blocked/aborted before being sent upstream.

Modern HTTP Web Application Firewall that acts as a reverse proxy; written in Go.

SimpleWAF is a simple web application firewall writen using PHP that can send real time attacking report by some actor using Telegram Bot API.

NGINX reverse proxy using ModSecurity WAF to protect a web application

Prototype of reverse proxy web application firewall with vulnerable web server