WafWay is a self-hosted Web Application Firewall that protects against SQL injection, XSS, and other OWASP Top 10 threats. Deploy in minutes, not weeks.
Everything you need to secure your web applications, from basic threat detection to advanced compliance reporting.
OWASP CRS-inspired detection with 45+ patterns covering union, boolean, time-based, and stacked query attacks.
Comprehensive cross-site scripting detection including reflected, stored, and DOM-based attacks with encoding bypass detection.
Industry-standard bcrypt password hashing with cryptographically secure token generation using crypto/rand.
NewSQLite-backed storage for rules, attack logs, and traffic analytics with automatic aggregation and data retention.
NewCreate, update, and delete custom WAF rules with database persistence. Define patterns, actions, and priorities.
NewTime-series traffic data, top paths analysis, and attack logging. Export data via REST API for external dashboards.
NewBlock or allow traffic by country, detect VPNs, Tor exit nodes, and datacenter IPs with MaxMind GeoIP integration.
Identify and block malicious bots while allowing legitimate crawlers. Includes DNS verification for search engines.
Intelligent rate limiting per IP, session, or user with configurable thresholds and automatic ban enforcement.
WafWay sits between the internet and your application, inspecting every request before it reaches your servers.
Single binary, no dependencies. Works on any Linux server.
Point to your backend application and customize protection levels.
Run as a systemd service and start blocking threats instantly.
Start free, upgrade when you need enterprise features.
For personal projects and small teams
For growing businesses
For large organizations
| Feature | WafWay | Cloudflare WAF | AWS WAF | ModSecurity |
|---|---|---|---|---|
| Self-Hosted | Yes | No | No | Yes |
| OWASP Top 10 | Yes | Yes | Yes | Yes |
| Web Dashboard | Yes | Yes | Basic | No |
| Single Binary | Yes | N/A | N/A | No |
| No Vendor Lock-in | Yes | No | No | Yes |
| Free Tier | Unlimited | Limited | Pay per rule | Free |
| Data Privacy | Your servers | Third party | AWS | Your servers |
Download WafWay and start blocking threats in minutes.
# Download and install
curl -sSL https://get.wafway.io | sh
# Or with Docker
docker run -d -p 80:80 -p 8080:8080 wafway/wafConceptGood Consultants is an AI Product Development and Consulting firm based in Pune, India. We specialize in building intelligent solutions that transform how businesses operate.
Our portfolio includes ConceptGood (AI innovation platform), RaysHR (AI-powered HRMS), ArchitectGood (AI architecture platform), Crew4J (Java AI agent framework), and WafWay (Enterprise WAF). Each product represents our commitment to practical AI innovation.
Beyond products, we offer AI consulting services to help enterprises navigate their AI transformation journey — from strategy to implementation.
We leverage cutting-edge AI to solve complex business challenges.
Your success is our success. We go above and beyond for our clients.
We strive for excellence in every product and service we deliver.
Enterprise-grade quality in everything we build.
Join thousands of teams using WafWay to block web attacks.