Skip to content

bunkerweb

Network Security

An open‑source Web Application Firewall (WAF) that acts as a full‑featured NGINX‑based reverse proxy to make web services "secure by default".

Track releases GitHub Website
Python Latest v1.6.11 · 9d ago Security brief →

Features

  • Full‑featured NGINX‑based WAF that works as a reverse proxy for any web service
  • Secure‑by‑default settings with minimal configuration required
  • Highly customizable via CLI or an awesome built‑in web UI
  • Extensible plugin system to add extra security modules
  • Free (AGPLv3) and backed by professional support services

Recent releases

View all 5 releases →
Upgrade now
v1.6.11 Security relevant
RCE / SSRF Breaking upgrade

nginx security fix

Open
Upgrade now
v1.6.10 Breaking risk
Auth RBAC Dependencies +2 more

Security + feature updates

Open
v1.6.9 Security relevant
Security fixes
  • SafeFileSystemCache for session fixation prevention
  • Filename sanitization to prevent path traversal
  • IP address validation across ban endpoints
View release on GitHub
v1.6.8 New feature
Notable features
  • Reverse proxy request buffering control
  • Concurrent certificate generation support
  • New DNS providers: GoDaddy, TransIP, Domeneshop
View release on GitHub
v1.6.7 New feature
Notable features
  • Dynamic ECDH curve resolution for X25519MLKEM768 support
  • Automatic LRU cache eviction
  • Multi-handler syslog logging support
View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
10,561
Forks
611
Languages
Python Shell HTML
View on GitHub Homepage Live demo Documentation

Install & Platforms

Install via
docker
Platforms
linux

Community & Support

Community

Similar tools

UUSEC WAF
SafeLine
OpenZiti
Tinyproxy
opensnitch

Beta — feedback welcome: [email protected]