aaWAF by aaPanel

Semantic analysis-based Web Application Firewall

Created 2 years ago
711 stars

Top 47.6% on SourcePulse

Project Summary

aaWAF is an open-source, self-hosted Web Application Firewall (WAF) designed to protect websites from common web attacks. It targets developers and administrators seeking a free security solution. Utilizing a hybrid semantic analysis and regex matching approach, aaWAF aims for high detection rates with minimal false positives, enhancing web application security without performance degradation.

How It Works

aaWAF functions as a reverse proxy, inspecting all incoming traffic. Built on OpenResty, it employs a primary semantic analysis engine (95%) and a secondary regex matching engine (5%) to filter malicious requests. This hybrid model is optimized for high performance and speed. The system also includes multiple decoding modules to handle various obfuscation techniques used by attackers.

Quick Start & Requirements

Online installation is performed via a provided shell script. Offline installation requires Docker and specific commands (tar, gzip, curl, netstat, ss). Download links for offline installation scripts and program files are available.

Highlighted Details

  • Hybrid filtering: 95% semantic analysis, 5% regex matching.
  • High efficacy: 83.13% detection rate, 0.08% false positive rate in benchmarks.
  • Extensive attack coverage: SQL injection, XSS, SSRF, command injection, deserialization, template injection, and more.
  • Multiple decoding modules: URL, Base64, Hex, JSON, Gzip, XML, etc.
  • Compatibility with ARM and domestic systems.

Maintenance & Community

The project is hosted on GitHub, with links to issues. A live demo is available at https://btwaf-demo.bt.cn:8379/c0edce7a. Active development is indicated by module update dates, and several core engines (PHP, SpEL, OGNL, FreeMarker, Velocity, SnakeYAML) are open-sourced.

Licensing & Compatibility

While described as "open-source" and "free," the README lacks an explicit license, posing a potential adoption blocker for commercial use or integration into closed-source projects. It is compatible with ARM and domestic (Chinese) systems.

Limitations & Caveats

The "Future Updates" section lists numerous planned modules, suggesting current coverage may be incomplete for certain advanced attack vectors. The absence of a defined license is a significant caveat.

Health Check

  • Last commit: 2 weeks ago
  • Responsiveness: Inactive
  • Pull requests (30d): 0
  • Issues (30d): 7
  • Star history: 10 stars in the last 30 days
