Show HN: BunkerWeb - The Open-Source Web Application Firewall (WAF)
Author : bnkty
Score : 96 points
Date : 2024-12-06 14:00 UTC (9 hours ago)
| canadiantim wrote:
| Why should I be using BunkerWeb, e.g. if running my own SaaS?
| bnkty wrote:
| You can use BunkerWeb to protect your own SaaS against
| malicious actors.
| salzig wrote:
| I feel reminded of Brawndo.
|
| https://fictionalcompanies.fandom.com/wiki/Brawndo
| nirav72 wrote:
| But it has electrolytes.
| jmuguy wrote:
| It's got what SaaS craves!
| johnchristopher wrote:
| Does it handle content security policies?
| bnkty wrote:
| Yes, you can configure your own CSP; more info here:
| https://docs.bunkerweb.io/latest/security-tuning/#security-h...
|
| Please note that we plan to improve it in the future with
| automation.
| fifteen1506 wrote:
| PSA: needs 'proper' NGINX
| bnkty wrote:
| Indeed, we use NGINX as the base web server. NGINX + LUA to be
| precise.
| softwreoutthere wrote:
| Is this just LUA modules? What's the performance hit like vs a
| fresh install of nginx? What's the performance like on something
| like ten thousand server blocks?
| bnkty wrote:
| Performance will indeed decrease compared to a web server
| without security features. However, this largely depends on the
| BunkerWeb features you choose to enable.
| brunoqc wrote:
| > Whether it's enhanced security, an enriched user experience, or
| technical supervision, the BunkerWeb PRO version will allow you
| to fully benefit from BunkerWeb and respond to your professional
| needs.
|
| Is it open core? I see that the license is AGPL. Can I just edit
| the code to enable the "pro" features, or are they in another
| repo?
|
| "enhanced security" sounds a bit like the open source version is
| gutted to encourage people paying for it. If so, it's a bit of a
| shame. Wouldn't it be better if everyone used this WAF and the
| web would be as secure as possible for everyone?
| bnkty wrote:
| You are right, this is an open-core model. The PRO features are
| proprietary and, to be precise, they are actually modules that
| integrate into the core of the solution. In addition to these
| features, the PRO version gives you access to technical
| support. We completely agree with you that BunkerWeb can be
| used by everyone to make the web more secure. We sincerely
| believe that the features offered in the community version
| contribute significantly to this goal. Thank you for your
| feedback.
| panarky wrote:
| "live threatmap of live cyber attacks blocked by BunkerWeb
| instances all around the world"
|
| So this sketchy looking thing is also equipped with telemetry
| that phones home all the time?
|
| No thanks.
| bnkty wrote:
| The BunkerNet feature is completely optional. You can disable
| it at any time, however, you will not be able to take advantage
| of crowdsourcing on threats if you do so. More information
| here: https://docs.bunkerweb.io/latest/security-tuning/#bunkernet
| unethical_ban wrote:
| A WAF looks sketchy? OSINT is sketchy?
| thelittleone wrote:
| An open source WAF at that.
| szszrk wrote:
| Enterprises pay a shitload of cash for that functionality of
| commercial WAF systems. Some allow that at a lower cost if
| you send your own data, and it's more expensive if you don't.
| KomoD wrote:
| Can it block based on TLS fingerprints? Like JA3, etc.
| bnkty wrote:
| Not at the moment but we plan to work on it. Thanks for your
| feedback.
| runekaagaard wrote:
| Looks very good, thx for sharing!
|
| Can it be integrated with an existing large nginx config with
| multiple domains, server and client certificates, websockets,
| other custom settings and different apps deployed with ansible or
| does it need to run the nginx process by itself?
| bnkty wrote:
| You will need to migrate to BunkerWeb. But since BunkerWeb is
| based on NGINX it might be easier than you think. As an
| example, it supports custom NGINX configs:
| https://docs.bunkerweb.io/latest/quickstart-guide/#custom-co...
|
| Maybe you can join our Discord to discuss your use case
| further.
| tegiddrone wrote:
| I'll have to check it out! The popular option for homelab or
| other indie scale is to just use Cloudflare's free-tier
| setup, which includes a WAF, but I see a privacy hole where
| Cloudflare needs to see your unencrypted HTTP traffic so that
| they can apply their WAF rules.
|
| I've also been checking out CrowdSec. I appreciate its modular
| architecture, but it definitely deviates from the folks that
| just want to expose an HTTP service and get on with their lives.
| I've enjoyed the Caddy server for this reason, but yeah, it's not as
| secure-by-default when it comes to attacks a WAF would mitigate.
| ThinkBeat wrote:
| Please stop these types of headlines.
|
| A commercial closed-source web application firewall, where some
| parts / features are open source and free.
|
| Promium sourced web application firewall.
| ThinkBeat wrote:
| For Fuck's Sake, offering "dark mode" is the 3rd or 4th highlight
| in the promo video.
|
| You could dark-mode applications in X Windows way back in the day
| with just a bit of configuration.
|
| This may be two style sheets you can swap between or whatever. It
| is not impressive.
|
| What about "Blue letters available"? Ohhhh.
|
| I keep seeing apps being updated and the major change being "dark
| mode now available".