WAF stands for Web Application Firewall. Unlike traditional firewalls, WAF operates at the application layer and provides better protection for web systems based on HTTP/HTTPS protocols, shielding them from hacker attacks.

Below are the most popular open-source WAF projects in the current community (sorted by GitHub stars).

1. SafeLine (Community Edition)

Official GitHub: https://github.com/chaitin/SafeLine
Star：11.1K

Official Introduction: A web security gateway, serve as a reverse proxy to protect your websites from attacks and exploits.

SafeLine is a WAF driven by intelligent semantic analysis algorithms and enjoys high recognition in professional fields. The community edition of SafeLine is a simplified version of the enterprise product, designed to be more accessible and free for community use.
Among all WAFs, SafeLine is highly recommended. Community Edition leverages the protection capabilities of the enterprise version, ensuring security. This is also a major reason why the SafeLine Community Edition became popular on GitHub shortly after its release.

2. ModSecurity

Official GitHub: https://github.com/owasp-modsecurity/ModSecurity
Star：7.9K

ModSecurity is a classic open-source WAF project that has remained popular for many years.

ModSecurity is not a WAF itself but rather a "WAF ruleset." It serves as the foundational base for most WAFs. It does not include other common WAF features such as website management or log management, and it even lacks an interface. ModSecurity only provides protective rules.

ModSecurity is not suitable for direct use; it requires additional development and customization to be effectively implemented, resulting in a higher learning curve.

3. BunkerWeb

Official GitHub: https://github.com/bunkerity/bunkerweb
Star: 5K

Official Introduction: Make your web services secure by default.

Being a full-featured web server, it protects your web services to make them “secure by default”. BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable to meet your own use-cases.

4. NAXSI

Official GitHub: https://github.com/nbs-system/naxsi
Star：4.8K

Official Introduction: An open-source, high performance, low rules maintenance WAF for NGINX.

NAXSI is Nginx Anti-XSS & SQL Injection. So, as you can guess, this is only for the Nginx web server and mainly target to protect from cross-site scripting & SQL injection attacks.
NAXSI filters only GET and PUT requests, and the default configuration will act as a DROP-by-default firewall, so you got to add the ACCEPT rule to work correctly.

5.uu WAF

Official GitHub:https://github.com/Safe3/uuWAF
Star:600

Official Introduction: A industry-leading free, high-performance, AI and semantic technology web application and API security protection product. 

uu WEB Application Firewall is a comprehensive website protection product launched by Youan Technology. It is developed based on Youan Technology’s proprietary WEB intrusion anomaly detection technology, combined with the team's years of application security attack and defense theory and emergency response practice.
Currently, uuWAF allowing for convenient one-click deployment through 1panel. The major issue is that it does not support upgrades at the moment; each update requires a complete reinstallation.

6. Shadow Daemon

Official GitHub: https://github.com/zecure/shadowd
Star：293

Official Introduction: The Shadow Daemon web application firewall server
Supporting PHP, Perl, and Python, Shadow Daemon detects, records, and prevents web attacks by filtering malicious requests. It comes with its own interface for administration and management.