WAFWikiIndependent WAF intelligenceWAF directory
Structured profiles for comparing WAF deployment models, pricing paths, integrations, and sources.
Open Source WAF
SafeLine is a self-hosted WAF and reverse proxy often evaluated by teams that want local enforcement, Docker-first deployment, and a free path before commercial expansion.
Open Source WAF
Coraza is a Go-based WAF engine commonly considered when teams want ModSecurity-compatible rule support in modern Go-native environments.
Open Source WAF
ModSecurity is a widely known open-source WAF engine and a common baseline for rule-based web application firewall deployments.
Managed WAF
Cloudflare WAF is a managed edge security service suited for teams that want CDN, DNS, DDoS, bot, and WAF controls in one global platform.
Managed WAF
AWS WAF is a managed web application firewall for protecting AWS-hosted applications and APIs with rule groups, managed rules, and AWS-native integrations.
Rule Set
OWASP CRS is not a standalone WAF product, but it is a key rule set used with WAF engines such as ModSecurity and Coraza.
Open Source WAF
open-appsec positions around modern WAF and API security with open-source deployment options and integrations for cloud-native entry points.
Open Source WAF
BunkerWeb combines web serving and security controls, making it relevant for teams comparing open-source WAF-like protection for self-hosted workloads.
Managed WAF
Akamai App & API Protector is an enterprise WAAP option commonly evaluated by teams that want WAF, API protection, bot controls, and DDoS mitigation close to an edge delivery network.
Enterprise WAF
F5 BIG-IP Advanced WAF is an enterprise WAF commonly considered by teams that already use BIG-IP application delivery, need detailed policy controls, or operate hybrid infrastructure.
Nginx WAF
F5 WAF for NGINX is relevant when teams want WAF controls close to NGINX-based delivery, ingress, or reverse proxy patterns without relying only on open-source rule engines.
Managed WAF
Fastly Next-Gen WAF is a managed application security option often evaluated by teams that want WAF and API protection with edge delivery and security operations workflows.
Managed WAF
Imperva WAF is an enterprise application security product commonly evaluated for managed WAF, bot, DDoS, and compliance-oriented web application protection needs.
Cloud WAF
Azure Web Application Firewall is a managed WAF option for Azure-hosted and Azure-fronted applications, especially when teams already use Application Gateway or Azure Front Door.
Cloud WAF
Google Cloud Armor is a Google Cloud security service for protecting internet-facing applications with WAF rules, DDoS controls, and policy enforcement at Google's edge.
Open Source WAF
NAXSI is an open-source WAF project historically used with NGINX-style deployments and still relevant for teams researching lightweight rule-based WAF options.