BunkerWeb

BunkerWeb is an open source next-generation Web Application Firewall that acts as a reverse proxy in front of web services, blocking attacks before they reach backend servers and guaranteeing confidentiality, integrity, and availability of data. Developed by Bunkerity, the firewall protects against common web threats including the OWASP Top 10 vulnerability classes, malicious bots, DDoS attacks, brute force authentication attempts, SQL injection, cross-site scripting, and remote code execution. The integration architecture supports deployment on Linux directly, as a Docker container, on Kubernetes clusters, and as an autoconf companion service that automatically detects and secures new containers. Core security modules include ModSecurity Web Application Firewall with the Coraza WAF engine, Coreruleset with recommended and blocklists configurations, anti-bot challenges using JavaScript-based browser verification, DNSBL and crowdsec IP reputation checking, bandwidth and connection rate limiting, request filtering with whitelisting and blacklisting, geolocation-based access control, HTTPS certificate management through Let us Encrypt with automatic renewal, HTTP Strict Transport Security headers, and TLS configuration with modern cipher suites. The security model centers on being secure by default, requiring no configuration to achieve baseline protection. Fine-grained settings are available through a YAML configuration file or environment variables. The BunkerWeb Enterprise edition adds a web dashboard, centralized management of multiple instances, SSO integration, live threat monitoring, professional support, and a partners network. With over 7,500 GitHub stars. Open source under the AGPL 3.0 license.