OpenResty fast-filter, ML classifier, PoW challenges, behavioral fingerprinting, TLS analysis, threat feeds, and attack campaign grouping. No traffic leaves your server.
No vendor lock-in. No routing traffic through third parties. Your server, your rules, your data.
Lua WAF at L0 handles regex, bot UA blocking, anti-evasion normalization, and ban cache — all before Python sees the request. 13,905 req/s measured.
GradientBoosting classifier trained on 50K production samples. Catches zero-day payloads that regex misses. 99.07% accuracy, 0.62% false positive rate.
An attacker hitting 2+ of your services gets a global escalated ban. No other self-hosted WAF correlates across projects.
SHA-256 proof-of-work with Web Worker solver. Browsers solve in <1s, bots waste compute. Configurable difficulty per project.
5 signals: timing CV, path diversity, request rate, human pauses, and Shannon entropy on query params. Catches AI fuzzers.
Detects bots spoofing Chrome UAs but using weak TLS suites or HTTP/1.1 on HTTPS. Blocks httpx, requests, curl impersonators.
Groups coordinated attacks by path pattern and 5-minute windows. MITRE ATT&CK tactic mapping. Auto-severity and Telegram alerts.
Invisible markers injected via nginx sub_filter. If a scraper reproduces your content, the canary phones home and you know who and when.
Manage bans, check stats, configure rules from Claude, Cursor, or any MCP client. The only WAF manageable through natural language.
Every request passes through independent layers. A hit on any layer triggers the response. Deeper layers catch what earlier ones miss.
Regex (9 categories), 44+ AI bot UAs, social crawler bypass, fullwidth/homoglyph anti-evasion, ban cache via shared_dict
Same 9 pattern categories plus token-based SQL/XSS structural detection via libinjection C bindings (ctypes)
GradientBoosting v2 trained on 50K samples. Feature extraction from URI + headers + body. Confidence threshold 0.92
Proof-of-work with Web Worker solver, configurable difficulty, i18n challenge page with project branding
5 signals: timing CV, path diversity, request rate, human pauses, query param Shannon entropy. Trust scoring with decay
21,886 malicious IPs from FireHOL, Spamhaus DROP, CINS Army, Emerging Threats. Auto-refresh every 2 hours
Groups coordinated attacks by normalized path + reason in 5-minute windows. MITRE ATT&CK mapping. Auto-severity escalation
The only self-hosted WAF combining ML + behavioral fingerprinting + cross-project + MCP + canary tokens.
| Capability | AxGate | SafeLine | Anubis | Cloudflare | Crawlflare |
|---|---|---|---|---|---|
| Self-hosted | ✓ | ✓ | ✓ | ✗ SaaS | ✓ |
| Full WAF (SQLi/XSS/LFI) | ✓ 9 cat | ✓ | ✗ | ✓ | ✗ |
| ML detection | ✓ 99% | ✓ | ✗ | ✓ | ✗ |
| Anti-scraping (PoW) | ✓ | ✓ | ✓ | ✓ | ✗ |
| Anti-AI evasion | ✓ | ✗ | ✗ | ✓ | ✗ |
| TLS fingerprinting | ✓ | ✗ | ✗ | ✓ | ✓ |
| H2 fingerprinting | ✓ | ✗ | ✗ | ✓ | ✗ |
| Behavioral entropy | ✓ | ✗ | ✗ | ✗ | ✗ |
| Threat feeds | ✓ 21K | ✗ | ✗ | ✓ | ✗ |
| Campaign grouping | ✓ MITRE | ✓ | ✗ | ✓ | ✗ |
| Canary tokens | ✓ | ✗ | ✗ | ✗ | ✓ |
| Cross-project bans | ✓ | ✗ | ✗ | ✗ | ✗ |
| MCP management | ✓ | ✗ | ✗ | ✗ | ✗ |
| Web panel | ✓ 21pg | ✓ | ✗ | ✓ | ✗ |
| Telegram bot | ✓ 15+ | ✗ | ✗ | ✗ | ✗ |
Start free. Upgrade when you need multi-node or premium features.
For homelabbers and personal projects.
For freelancers and agencies managing multiple sites.
For teams with multiple servers and admin roles.
On-premise, white-label, dedicated support.
One command. Docker Compose handles the rest.
Requires Docker + Docker Compose v2. Tested on Ubuntu 22.04/24.04 and Debian 12.