lua-resty-waf – High Performance WAF Built on the OpenResty Stack

lua-resty-waf is a high-performance web application firewall (WAF) written for the OpenResty stack. It leverages the scalable architecture of Nginx and provides a ModSecurity-compatible rule syntax, along with a few custom rules built during initial development and testing and a small virtual patchset for emerging threats. This allows users to move their ModSecurity WAF installations to the OpenResty ecosystem.

OpenResty is a full-fledged web platform that integrates the standard Nginx core, LuaJIT, Lua libraries, many high quality 3rd-party Nginx modules, and most of their external dependencies.

lua-resty-waf uses the Nginx Lua API to analyze HTTP request information and process it against a flexible rule structure. Additionally, lua-resty-waf is distributed with tooling to automatically translate existing ModSecurity rules, allowing users to extend their lua-resty-waf implementation without the need to learn a new rule syntax.

Key Features

  • Analyze any aspect of an HTTP request or response for anomalous behaviors.
  • Mitigate brute-force attacks to any request resource.
  • Use real-time DNS blacklists to deny known malicious hosts.
  • Protect against malicious automated bots and data harvesting services.
  • Send audit event logs to a remote TCP/UDP/syslog server.
  • Monitor interactive platform functionality, such as blog comments, for spam, DDoS, and vulnerability exploitation.
  • Behavioral analysis of traffic based on hit rate and request target.
  • Use memcached or redis to store long-term variables.

lua-resty-waf was started by Robert Paprocki for his Master’s thesis at Western Governors University.

Website: github.com/p0pr0ck5/lua-resty-waf
Support:
Developer: Robert Paprocki and contributors
License: GNU General Public License v3.0


Related Software

Web Application Firewalls

  • ModSecurity – Web Application Firewall Engine for Apache, IIS and Nginx
  • BunkerWeb – Next-generation Web Application Firewall
  • NAXSI – Nginx Anti XSS & SQL Injection
  • Coraza – Enterprise grade, Golang port of ModSecurity
  • open-appsec – Automatic web application and API security using machine learning
  • lua-resty-waf – High Performance WAF Built on the OpenResty Stack

3 Comments
N P
2 years ago

The lua-resty-waf github page says the project is abandoned.

Derek
2 years ago
Reply to  N P

It says it’s essentially abandoned, and the repository hasn’t been archived, so there is always hope for a restart. And it could always be forked.