Impact-Site-Verification: 41b53a0c-6d04-458b-a457-fe9e29acde1a

Developer Tools/UnknownWAFopen-sourcecloud-nativesecurity·

BunkerWeb

Open-source and cloud-native Web Application Firewall for secure-by-default web services.

BunkerWeb

What it does

BunkerWeb is a next-generation, open-source Web Application Firewall (WAF) that acts as a reverse proxy to protect web services. Built on NGINX, it integrates seamlessly into Linux, Docker, Swarm, and Kubernetes environments. It provides out-of-the-box security features including HTTPS with Let's Encrypt automation, ModSecurity with OWASP Core Rule Set, automatic banning of suspicious behaviors, connection and request limits, bot blocking via challenges (cookies, JavaScript, captcha, hCaptcha, reCAPTCHA, Turnstile), and blocking of known bad IPs using external blacklists and DNSBL. An optional web UI simplifies configuration, and a plugin system extends functionality.

Who it is for

BunkerWeb is designed for developers, DevOps, and security teams who need to protect web applications without complex setup. It suits organizations of any size, from individual developers to enterprises, especially those already using container orchestration (Docker, Swarm, Kubernetes) or Linux servers. The open-source version is free (AGPLv3), while a PRO version offers enhanced security, monitoring, and support for professional use. A fully managed SaaS option, BunkerWeb Cloud, is also available for those who prefer not to self-host.

Why it matters

Web application security is critical but often complex and time-consuming. BunkerWeb simplifies this by providing a "secure by default" configuration that includes essential protections out of the box. Its cloud-native design means it fits into modern deployment pipelines without friction. The plugin system allows customization without forking, and the optional web UI reduces the need for CLI expertise. By offering both open-source and commercial tiers, BunkerWeb makes enterprise-grade WAF accessible to a wide audience, lowering the barrier to robust web security.

Launch signal

BunkerWeb was launched on Hacker News as a Show HN, indicating a community-driven debut. The project has an active ecosystem including a demo site, web UI demo, live threat map, status page, and community channels (Discord, LinkedIn, X, Reddit). Professional services and a PRO version are available through the BunkerWeb Panel. The documentation is comprehensive, covering integration, security tuning, and plugin development.

Brand and naming

The name "BunkerWeb" evokes a fortified shelter (bunker) for web services, aligning with its mission to provide robust security. The branding emphasizes "secure by default" and "cloud-native," positioning it as a modern, easy-to-integrate solution. The open-source nature (AGPLv3) and community focus build trust, while the PRO and Cloud offerings cater to commercial needs.

Get more like this in our weekly newsletter.