JXWAF is an AI-powered Web Application Firewall designed to protect websites. It leverages large language models for advanced threat detection, offering a more sophisticated approach than traditional WAFs, with benefits in accuracy and speed.

How It Works

JXWAF employs a "non-white-or-black" AI-driven detection model, contrasting with traditional rule-based systems. Key features include a large model semantic caching service to reduce LLM query costs and a "group immunity network" for real-time sharing of new attack signatures among deployed instances. It offers flexible protection modes: Online Learning (for model training), Online Protection (Business Priority or Security Priority), and Offline Protection.

Quick Start & Requirements

• Requirements: Debian 12.x, minimum 4-core CPU, 8GB RAM. Docker is required.
• Installation: Install Docker, clone the repository (git clone https://github.com/jx-sec/jxwaf.git), navigate to jxwaf/standard, and run docker compose up -d.
• Console: Accessible at http://47.120.63.196:8000.
• Docs: Primary documentation is within the README.

Highlighted Details

• JXWAF6 Standard Edition (using DeepSeek) demonstrates detection rates (41.03%) and accuracy (98.72%) comparable to commercial WAFs, with an average latency of 28.19ms.
• The AI semantic caching and group immunity network aim to optimize LLM costs and provide rapid updates against emerging threats.
• Offers distinct protection modes (Business Priority, Security Priority, Offline) to balance security needs with operational impact.

Maintenance & Community

• Core contributors include chenjc, jiongrizi, and thankfly.
• Bug reports and feature requests can be submitted via WeChat (ID: 574604532, mention 'jxwaf').
• Updates and technical discussions are primarily disseminated through a WeChat Official Account.

Licensing & Compatibility

• No specific open-source license is declared in the provided README. This absence requires clarification for adoption decisions, especially regarding commercial use or derivative works.

Limitations & Caveats

• Configuring AI_BACKUP_WAF_URL to use external WAFs for model fallback carries a potential data leakage risk.
• The "Online Protection - Business Priority" mode may initially allow unknown malicious traffic before AI analysis, posing a window of vulnerability.
• Benchmark results are based on a specific test methodology and dataset, which may not fully represent diverse real-world attack vectors.