Websites hosted on the Internet are continuously inundated with unwanted traffic from bots (automated programs that trawl the Internet for vulnerable websites), hacktivists, and focused attack groups. The intent is simple – exploit vulnerabilities to: 

  1. Deface a website 
  2. Steal sensitive information (usernames and passwords, sensitive private information, etc.)
  3. Compromise the web server and add it to their bot network. The bot can then be used to target other vulnerable websites and networks. 

Thousands of websites get hacked every day due to vulnerabilities in code or misconfigurations. One of the best ways to protect your web application from online threats is to use a Web Application Firewall (WAF) or Web Application and API Protection (WAAP) solution. 

A WAF / WAAP solution helps protect websites and APIs by inspecting and filtering traffic between web servers and the Internet. The solution can help defend web applications from attacks such as SQL Injection, File Inclusion, Cross-Site Scripting, Remote Code Execution, etc. 

Many commercial WAF / WAAP solutions exist, but over the years many open-source and freemium WAF solutions have also come to the aid of website owners to help secure their web applications. Below are some of the top open-source/freemium solutions: 

Haltdos WAF Community Edition (CE) 

Type: Freemium

Haltdos WAF CE is the free edition of Haltdos WAF. It is a high-performance WAF and WAAP solution designed to safeguard web applications and APIs. Unlike many other open-source WAF solutions in this list, Haltdos uses a new HTTP request processing engine designed for high performance, the creation of complex rules, and the mitigation of sophisticated attacks. It supports mitigation techniques such as captcha, rate limiting, anomaly detection, redirection, request termination, and connection termination. 

Pros of Haltdos WAF CE: 

  • Support for protection against OWASP Top 10 attacks including SQL Injection, XSS, RFI, LFI, RCE, etc. 
  • Built-in 1000+ rules with daily threat intel from Haltdos 
  • GUI managed WAF 
  • Support for Anti-Bot and API security 
  • Built-in load balancing and server monitoring 
  • Easy False Positive management 
  • Good documentation 

Cons of Haltdos WAF CE: 

  • One installation of WAF protects only one website.  
  • Advanced rule support is available only in the commercial offering 
  • Freemium solution instead of open source 

ModSecurity 

Type: Open Source

Sometimes also referred to as Modsec, ModSecurity is an open-source web application firewall (WAF) built by Trustwave. One of the oldest open-source solutions, this WAF comes as a module for Apache HTTP Server, Nginx, and Microsoft IIS. It is free software distributed under the Apache 2.0 license. 

Effective July 1, 2024, Trustwave will no longer provide support for ModSecurity. The maintenance of the ModSecurity code will thereafter be returned to the open-source community. 

Pros of ModSecurity: 

  • Extensive framework for HTTP request and response filtering 
  • Real-time application security monitoring and access control, full HTTP traffic logging, continuous passive security assessment 
  • Works for any type of website or web application 

Cons of ModSecurity: 

  • Regex-based rules are hard to maintain 
  • Multiple rules may create false positives and fine-tuning the rules is hard 
  • No graphical user interface (GUI) 
  • High resource utilization when too many rules are configured 

NAXSI 

Type: Open Source

Another popular open-source WAF is NAXSI. NAXSI is a third-party Nginx module that ships with a small set of simple (and readable) rules covering 99% of known patterns involved in website vulnerabilities. These rules compute a score for every request, and when the score threshold is breached the request is dropped. NAXSI only filters GET, POST and PUT requests, and its default setup acts as a DROP-by-default firewall, so you must add ACCEPT rules for it to function properly. 

Pros of NAXSI: 

  • Low resource consumption. 
  • Works as an add-on module to the popular open-source Nginx web server. 
  • Works for any type of website or web application. 

Cons of NAXSI: 

  • Restricted to XSS and SQL Injection attacks only. This leaves the application vulnerable to other attacks such as LFI, RFI, RCE, etc. 
  • No support for complex rules against sophisticated attacks. 
  • Difficult to decide on thresholds without a learning phase 
  • No graphical user interface (GUI) 
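As an added example (not from the original article or the NAXSI project), the following Nginx configuration shows the score-threshold model described above, the whitelist (ACCEPT rule) a DROP-by-default setup needs to let legitimate traffic through, and the learning mode used to derive thresholds; the backend address, the application parameter name `q`, and the choice of rule id 1000 as the rule being whitelisted are assumptions.

```nginx
# Added example: minimal NAXSI setup in an Nginx server block.
# Assumed: backend at 127.0.0.1:8080 and an application parameter named "q".
http {
    # Core signature rules; each MainRule adds points to a named score
    # ($SQL, $XSS, $RFI, $TRAVERSAL, $EVADE) when it matches a request.
    include /etc/nginx/naxsi_core.rules;

    server {
        listen 80;

        location / {
            SecRulesEnabled;               # turn NAXSI on for this location

            # Where a request is sent when a CheckRule fires
            DeniedUrl "/RequestDenied";

            # Per-request score thresholds: once a named score reaches the
            # limit, the request is redirected to DeniedUrl and never
            # reaches the backend.
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 4" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;

            # Uncomment while tuning: matching requests are logged with
            # their scores but not blocked, so thresholds and whitelists
            # can be derived from real traffic before enforcing.
            # LearningMode;

            # Whitelist (ACCEPT rule): without such rules, legitimate input
            # that happens to match a signature is dropped by default.
            # Rule 1000 is assumed here to be the rule that the "q" search
            # parameter trips; the exception is scoped to that one parameter.
            BasicRule wl:1000 "mz:$ARGS_VAR:q";

            proxy_pass http://127.0.0.1:8080;
        }

        # Blocked requests land here and get a 403 response.
        location /RequestDenied {
            return 403;
        }
    }
}
```

Once learning-mode logs show which rule ids fire on legitimate parameters, each whitelist should be narrowed to the specific rule and match zone rather than disabling a rule globally.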

Shadow Daemon 

Type: Open Source

Shadow Daemon detects, records, and prevents web attacks by filtering malicious parameters out of requests. It comes with its own interface where you can administer and manage the WAF. It supports the PHP, Perl and Python language frameworks. 

Pros of Shadow Daemon: 

  • Supports whitelist and blacklist 
  • Blocks only the dangerous part of a malicious request 
  • GUI for management 

Cons of Shadow Daemon: 

  • Does not block malicious requests 
  • Lacks support for sophisticated attacks 

WebKnight 

Type: Open Source

WebKnight is an application firewall for Microsoft IIS. The set of tools scans all requests and filters them according to rules set by the administrator. 

Pros of WebKnight: 

  • Good coverage of attack protection 
  • GUI for management 

Cons of WebKnight: 

  • Only supports Microsoft IIS web servers 
  • Lacks community for issue diagnosis and support 

OctopusWAF 

Type: Open Source

OctopusWAF is an open-source web application firewall written entirely in C that handles many connections using libevent. Its event-driven design is geared toward many concurrent (keep-alive) connections, which is essential for high-speed AJAX applications. The tool is quite lightweight and can be used in any manner desired; it is ideal for securing particular endpoints that require customized security. 

Pros of OctopusWAF: 

  • Supports complex rules with regex and string-matching algorithms such as DFA, Karp-Rabin, etc. 

Cons of OctopusWAF: 

  • Does not support TLS and certificate upload 
  • Limited rules against attacks such as LFI, RFI, RCE, etc. 
  • No GUI for management 

Coraza 

Type: Open Source

Coraza is an open-source, high-performance Web Application Firewall (WAF) designed to safeguard your most cherished apps. It is developed in the Go programming language, supports ModSecurity and SecLang rule sets, and is fully compatible with the OWASP Core Rule Set. Its modular design supports plugins such as GeoIP. 

Pros of Coraza: 

  • Supports OWASP CRS ruleset 

Cons of Coraza: 

  • Limited capability to modify built-in rules 
  • Lacks the capability to create custom rules 
  • No GUI for management