Web application firewalls have become a necessity.
Every year, millions of businesses lose data to attackers. With companies investing time and money in other functions, security at times takes a back seat.
According to the 2018 Hiscox Cyber Readiness Report, the majority of organizations are unprepared ("cyber novices") and would be seriously impacted by a cyberattack.
While most of these businesses run web vulnerability scanners, they fail to patch the vulnerabilities the scanners find. That is where a web application firewall comes in: it is a compensating control that filters attack traffic in front of an application until the underlying flaw is fixed, not a substitute for fixing it.
Commercial WAFs can be expensive, and not every business can afford them. Here are some open-source or free options you can use to build a defense of your own.
Mister Scanner offers a free WAF bundled with a CDN, a vulnerability scan, and access to a security expert.
ModSecurity is the most widely deployed open-source WAF engine, offering real-time web application monitoring, logging, and access control. Its rule language lets users shape the firewall to their own application rather than relying on a fixed signature set; the OWASP Core Rule Set (CRS) is the usual starting point.
ModSecurity supports two deployment options: embedded, where it runs as a module inside the web server that serves the application (Apache, or nginx via the ModSecurity v3 connector), and reverse proxy, where a dedicated ModSecurity host sits in front of the application servers and inspects traffic before forwarding it. There is no management interface; WAF-FLE is a separate console that ingests ModSecurity's audit log and gives you visibility into what was blocked and why.
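The following is an added example, not code from the article or from the ModSecurity project, showing the reverse-proxy deployment with the ModSecurity v3 nginx connector: nginx listens for the public hostname, evaluates inline rules, and forwards clean requests to the application. The module path, the upstream address 10.0.0.5:8080, the hostname app.example.com, and rule ids 100001 and 100002 are assumptions for illustration. Embedded deployment uses the same `modsecurity` directives inside the nginx instance that serves the application directly, with no `proxy_pass`.

```nginx
# Added example (not the article's or the project's code): nginx as a
# dedicated reverse-proxy WAF host with the ModSecurity v3 connector.
# Assumed: module installed at the path below, application on 10.0.0.5:8080,
# rule ids 100001-100002 unused (OWASP CRS reserves 900000 and above).
load_module modules/ngx_http_modsecurity_module.so;

events {}

http {
    server {
        listen 80;
        server_name app.example.com;

        modsecurity on;
        # Two inline rules to show the syntax; for real coverage include the
        # OWASP CRS with an Include directive instead.
        modsecurity_rules '
            SecRuleEngine On
            SecRequestBodyAccess On
            SecAuditEngine RelevantOnly
            SecAuditLog /var/log/nginx/modsec_audit.log
            # Query or body parameter containing a script tag: deny with 403.
            SecRule ARGS "@rx (?i)<\s*script" "id:100001,phase:2,deny,status:403,log,msg:xss-probe"
            # Classic tautology and comment fragments used in SQL injection.
            SecRule ARGS "@rx (?i)(\bor\b\s+1\s*=\s*1|--\s|/\*)" "id:100002,phase:2,deny,status:403,log,msg:sqli-probe"
        ';

        location / {
            proxy_pass http://10.0.0.5:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Start with `SecRuleEngine DetectionOnly` and review the audit log before switching to `On`; rules this narrow will still produce false positives on parameters that legitimately contain markup or SQL-like text, and a blocking WAF that breaks the application is the usual reason teams turn it off.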
Promoted as a universal web application security sensor for real-time monitoring and defense on IIS, AQTRONIX WebKnight is an ISAPI filter that is simple to set up and effective within its scope. It inspects every request and blocks those that match predefined rules. It is compatible with FrontPage Extensions, WebDAV, Flash, ColdFusion, Outlook Web Access, Outlook Mobile Access, SharePoint, and several others.
This firewall suits small businesses with a small team running IIS.
NAXSI (Nginx Anti XSS & SQL Injection) is one of the most popular reverse-proxy WAFs, with simple rules and minimal maintenance to get started.
However, it is not an extensive option: this open-source WAF targets common attack classes such as cross-site scripting and SQL injection rather than offering a broad signature set. Instead of full attack signatures it uses a short list of core patterns that add points to per-category scores, and a request is blocked once a score crosses a threshold; a learning mode records what would have been blocked so you can whitelist legitimate traffic before enforcing.
NAXSI is an nginx module that performs the web application firewalling inside nginx itself.
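As an added example (not from the article or the NAXSI project), here is an nginx configuration that runs NAXSI as a reverse proxy in front of an application, with the scoring thresholds, a custom rule, and a whitelist for a false positive. The module path, the upstream address 10.0.0.5:8080, the hostname, the custom rule id 50001, and the assumption that core rule id 1000 is the one matching SQL keywords in `naxsi_core.rules` are all illustrative.

```nginx
# Added example (not the article's or the project's code): NAXSI as a
# reverse-proxy WAF. Assumed: module at the path below, naxsi_core.rules
# shipped with NAXSI installed at /etc/nginx/naxsi_core.rules, app on
# 10.0.0.5:8080, custom rule id 50001 free, core rule id 1000 = SQL keywords.
load_module modules/ngx_http_naxsi_module.so;

events {}

http {
    # Core rules: short patterns that add points to named counters
    # ($SQL, $XSS, $RFI, $TRAVERSAL, $EVADE) instead of matching full signatures.
    include /etc/nginx/naxsi_core.rules;

    # A custom MainRule (http context): a tautology fragment in URL, query
    # or body adds 8 points to $SQL, enough on its own to trigger BLOCK below.
    MainRule "str:1=1" "msg:sql tautology" "mz:ARGS|BODY|URL" "s:$SQL:8" id:50001;

    server {
        listen 80;
        server_name app.example.com;

        location / {
            SecRulesEnabled;
            # LearningMode;   # during rollout: log what would be blocked, let it through
            DeniedUrl "/RequestDenied";

            # Thresholds: the request is rejected once a counter reaches the
            # score, so several weak indicators add up to a block.
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 4" BLOCK;

            # Whitelist for a known false positive: core rule 1000 (assumed id)
            # may fire on the "search" GET parameter without adding score.
            BasicRule wl:1000 "mz:$ARGS_VAR:search";

            proxy_pass http://10.0.0.5:8080;
            proxy_set_header Host $host;
        }

        # Blocked requests are redirected internally here.
        location /RequestDenied {
            return 403;
        }
    }
}
```

Run with `LearningMode` first and feed the NAXSI entries from the nginx error log into the whitelist generator (nxtool in the NAXSI repository) to build `BasicRule` exceptions for your application; enforcing without that step typically blocks legitimate forms that contain quotes, angle brackets or SQL-like words.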
At first glance Shadow Daemon is a single WAF tool, but it does more than that. It intercepts requests and filters out malicious parameters. Essentially, it is a tool to detect, record, and block attacks so you can learn from them and tighten rules in the future.
The current version of this tool supports:
It can block attacks like:
It is a perfect tool for companies that want to run their own extensive firewall.
Written for the OpenResty stack, lua-resty-waf uses nginx and its scalable event-driven architecture to compete with ModSecurity. It is a capable alternative on OpenResty, with support for writing your own rules in Lua.
The project reports processing overhead of about 300 to 500 microseconds per request, which it presents as comparable to Cloudflare's WAF.
Vulture is one of the lesser-known WAFs, able to stop the most common web attacks. It works as a reverse proxy with load balancing, so anomalies are detected and stopped before they reach the application.
However, most of the documentation for this web application firewall is in French, which limits its accessibility.
Written in C, Raptor WAF has only been tested on Linux and is still in beta, so little is known about its maturity. It blocks common XSS and SQL injection patterns and supports IP blacklisting.
Raptor WAF also works as a reverse proxy.
Commercial Options
Developing, customizing and managing open-source web application firewalls takes sustained effort. Businesses often find it better to invest in low-cost commercial WAFs with a cleaner interface and more automation. Commercial offerings also increasingly add machine-learning models and threat intelligence shared across their customers, which a single self-hosted deployment cannot gather on its own. Here are some of the options you can also consider: