Protecting 5 production sites

Self-Hosted WAF with
7-Layer Detection

OpenResty fast-filter, ML classifier, PoW challenges, behavioral fingerprinting, TLS analysis, threat feeds, and attack campaign grouping. No traffic leaves your server.

Quick Install → Live Panel →
13,905
req/s peak
99.07%
ML accuracy
21,886
threat IPs
<1ms
ban lookup
Why AxGate

Everything a WAF should be in 2026

No vendor lock-in. No routing traffic through third parties. Your server, your rules, your data.

OpenResty Fast-Filter

Lua WAF at L0 handles regex, bot UA blocking, anti-evasion normalization, and ban cache — all before Python sees the request. 13,905 req/s measured.

🧠

ML-Powered Detection

GradientBoosting classifier trained on 50K production samples. Catches zero-day payloads that regex misses. 99.07% accuracy, 0.62% false positive rate.

🔗

Cross-Project Correlation

An attacker hitting 2+ of your services gets a global escalated ban. No other self-hosted WAF correlates across projects.

🛡️

PoW Challenges

SHA-256 proof-of-work with Web Worker solver. Browsers solve in <1s, bots waste compute. Configurable difficulty per project.

🔍

Behavioral Fingerprinting

5 signals: timing CV, path diversity, request rate, human pauses, and Shannon entropy on query params. Catches AI fuzzers.

🔒

TLS + H2 Fingerprinting

Detects bots spoofing Chrome UAs but using weak TLS suites or HTTP/1.1 on HTTPS. Blocks httpx, requests, curl impersonators.

🎯

Attack Campaigns

Groups coordinated attacks by path pattern and 5-minute windows. MITRE ATT&CK tactic mapping. Auto-severity and Telegram alerts.

🪤

Canary Tokens

Invisible markers injected via nginx sub_filter. If a scraper reproduces your content, the canary phones home and you know who and when.

📡

MCP Native

Manage bans, check stats, configure rules from Claude, Cursor, or any MCP client. The only WAF manageable through natural language.

Architecture

7-layer detection engine

Every request passes through independent layers. A hit on any layer triggers the response. Deeper layers catch what earlier ones miss.

L0

OpenResty Lua Fast-Filter

Regex (9 categories), 44+ AI bot UAs, social crawler bypass, fullwidth/homoglyph anti-evasion, ban cache via shared_dict

13,905 rps
L1

Regex + libinjection (C)

Same 9 pattern categories plus token-based SQL/XSS structural detection via libinjection C bindings (ctypes)

1,435 rps
L2

Machine Learning

GradientBoosting v2 trained on 50K samples. Feature extraction from URI + headers + body. Confidence threshold 0.92

0.54ms / req
L3

PoW SHA-256 Challenge

Proof-of-work with Web Worker solver, configurable difficulty, i18n challenge page with project branding

<1s browser
L4

Behavioral Analysis

5 signals: timing CV, path diversity, request rate, human pauses, query param Shannon entropy. Trust scoring with decay

realtime
+

Threat Intelligence Feeds

21,886 malicious IPs from FireHOL, Spamhaus DROP, CINS Army, Emerging Threats. Auto-refresh every 2 hours

21,886 IPs
+

Campaign Detector

Groups coordinated attacks by normalized path + reason in 5-minute windows. MITRE ATT&CK mapping. Auto-severity escalation

every 2 min
How we compare

AxGate vs the competition

The only self-hosted WAF combining ML + behavioral fingerprinting + cross-project + MCP + canary tokens.

CapabilityAxGateSafeLineAnubisCloudflareCrawlflare
Self-hosted✗ SaaS
Full WAF (SQLi/XSS/LFI)✓ 9 cat
ML detection✓ 99%
Anti-scraping (PoW)
Anti-AI evasion
TLS fingerprinting
H2 fingerprinting
Behavioral entropy
Threat feeds✓ 21K
Campaign grouping✓ MITRE
Canary tokens
Cross-project bans
MCP management
Web panel✓ 21pg
Telegram bot✓ 15+
Pricing

Transparent pricing

Start free. Upgrade when you need multi-node or premium features.

Community
Free

For homelabbers and personal projects.

  • 1 project
  • 100K requests/month
  • All 7 detection layers
  • Web panel
  • Community support
Pro
$10/mo

For freelancers and agencies managing multiple sites.

  • Unlimited projects
  • Unlimited requests
  • ML + PoW + behavioral
  • Threat intel feeds
  • Attack campaigns
  • Telegram bot
  • 2 nodes
Business
$50/mo

For teams with multiple servers and admin roles.

  • Multi-admin RBAC
  • 10 nodes
  • Canary tokens
  • Data poisoning mode
  • Priority support
  • SLA 99.9%
Enterprise
Custom

On-premise, white-label, dedicated support.

  • Unlimited nodes
  • On-premise deploy
  • Custom integrations
  • MCP management
  • Dedicated support
Get started

Deploy in 5 minutes

One command. Docker Compose handles the rest.

$ curl -sL https://axgate.xdinamic.com/install.sh | bash

Requires Docker + Docker Compose v2. Tested on Ubuntu 22.04/24.04 and Debian 12.

Live Demo → Architecture →