WAF: free web application firewall hosted on digitalocean, would you like it?


Last year I’ve started to develop a WAF (web application firewall) based on Nginx (openresty) + ModSecurity and Nodejs. Now the WAF is stable and it works like a charm :)

I would like to create a new branch of this project ( and create a FREE service waf-in-cloud for small websites / blogs / etc … (not enterprise) called and hosted on digitalocean. The free WAF will include all ModSecurity rules + Custom Rules + Shared Reputation DB + 2 months of reports and logs + real time dashboard.

Someone would be interested in using this kind of service? I’ve created a repository on github to collect opinions and show screenshots and video of the WAF.

hope this can be useful, thanks!



It looks really smooth, and I think from experience alot of new DO users would appreciate something like this. If its easy to setup for them and there is a good docu, it could become popular in my opinion. You should make your project here once its done, would be great.

Hi @jonaharagon thanks for your comment. you’re right, is a “brochure” website only, and it doesn’t have so much info. I’m working hard to the “” website, it will include a registration process where you’ll be able to configure you WAF and use it.

the idea is that you have to change your DNS website to a CNAME something like:     CNAME

so will receive all http requests and forward (as a reverse proxy) it to and block attacks without forward it.

i think is hard to make a WAF opensource, cos for doing that i need to publish the whole system image! I think could be more useful as a service.

i’ll update this question when website is done. thank you!


It looks nice, have you considered making it open source? I was going to look at but your website doesn’t really have any useful links, the Join Us link is broken so I couldn’t do anything with it.

It looks nice to use but it would only fit into my servers if it could be a self hosted application, which it doesn’t sound like it is from your description. I know it could be useful for some people though.

Hi @CrypticDesigns thanks for your comment! I’m a little bit worried about the change DNS by end users. I don’t know if this should be easy to do by all users, i don’t know if all users know what is a CNAME :) But probably who need a WAF is not a “simple” end user :)

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

What happened to this, is this still active? I’d like something like this in addition to the DO firewall which is simple iptables port blocking stuff. We need a proper WAF layer instead of doing our own tinkering with modsecurity and nginx etc.

Sorry to rejuvenate this thread, but is way too intrusive with its CNAME requirement, and is gone. Wallarm looks nice, but the Nginx install gives an error. I followed the instructions on their website, and while executing yum install wallarm-node-nginx nginx-module-wallarm, I get this error:

Error: Package: ruby-proton-2.12.0-1.x86_64 (wallarm-node)
           Requires: libproton212 = 2.12.0-1
Error: ruby-proton conflicts with nginx-module-wallarm-2.10.7-1.el7.x86_64
Error: Package: ruby-proton-2.12.0-1.x86_64 (wallarm-node)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

This is on CentOS 7.x. Any ideas?

Did this come along? I can’t view the website. Would love to have a WAF service.

Did you try Wallarm? It’s built on top of NGINX with automatic learning from the traffic and vulnerability scanner built-in


i’ve completed the sign up process :) Now is possible to start to use the WAF and create configurations.

Comments or Suggestions are really appreciated :)


Hi guys!

I’m working to the registration process on website, i think i’ll complete it soon :)

I’ve just configured a “demo user” for make you try the WAF Web GUI. I would love to know your opinions about it :) It is not a “production state” for now, it is a “pre-alfa”. You need to login to:

Password: demo
Demo Website:

The WAF protect a demo website ( that you can use it for generate events on the demo account. For example, you’ll see a request by you IP Address if you do: curl -v ""

thank you! others news coming soon :)