SamWaf

A lightweight open-source web application firewall

Development Motivation:

  • Lightweight: Initially, I used some security products based on Nginx, Apache, and IIS plugins for protection, but the plugin form had a high degree of coupling.
  • Privatization: Later, most cloud protection services were adopted, but private deployment is affordable only for medium and large enterprises, while small companies and studios find it costly.
  • Privacy Encryption: During web protection, it is preferable to process local data without sending it to the cloud. The goal was to create a tool that encrypts local information and network communications for the management end.
  • DIY: Over the years of website maintenance and development, there were specific functions I wanted to add but couldn't achieve.
  • Awareness: If the webmaster has never used a similar WAF, it is inconvenient to understand who is accessing the site and what requests are being made solely from logs or Nginx, Apache, IIS, etc.

In short, the goal was to create an effective tool for website or API protection to handle abnormal situations and ensure the normal operation of websites and applications.

Software Introduction

SamWaf is a lightweight, open-source web application firewall for small companies, studios, and personal websites. It supports fully private deployment, encrypts data stored locally, is easy to start, and supports Linux, Windows 64-bit, and Arm64.

Architecture

SamWaf Architecture

Interface

SamWaf Web Application Firewall Overview

Add Host Attack Log
CC IP Blocklist
IP Allowlist LDP
Add Rule Script Log Select Log
Log Details Manual Rule
URL Blocklist URL Allowlist

Main Features:

  • Completely open-source code
  • Supports private deployment
  • Lightweight, no dependency on third-party services
  • Fully independent engine, protection functions do not rely on IIS, Nginx
  • Customizable protection rules, supporting both script and GUI editing
  • Supports allowlist access
  • Supports IP blocklist
  • Supports URL allowlist
  • Supports URL access restrictions
  • Supports designated data privacy output
  • Supports CC frequency access
  • Supports global one-click configuration
  • Supports separate protection strategies for different websites
  • Encrypted log storage
  • Encrypted communication logs
  • Data obfuscation
  • Supports OWASP CRS

Usage Instructions

It is strongly recommended to conduct thorough testing in a test environment before deploying to production. If any issues arise, please provide feedback promptly.

Download the Latest Version

Gitee: https://gitee.com/samwaf/SamWaf/releases

GitHub: https://github.com/samwafgo/SamWaf/releases

Quick Start

Windows

  • Start directly
SamWaf64.exe
  • As a service
REM Install
SamWaf64.exe install

REM Start
SamWaf64.exe start

REM Stop
SamWaf64.exe stop

REM Uninstall
SamWaf64.exe uninstall

Linux

  • Start directly
./SamWafLinux64
  • As a service
# Install
./SamWafLinux64 install

# Start
./SamWafLinux64 start

# Stop
./SamWafLinux64 stop

# Uninstall
./SamWafLinux64 uninstall

Docker

docker run -d --name=samwaf-instance \
           -p 26666:26666 \
           -p 80:80 \
           -p 443:443 \
           -v /path/to/your/conf:/app/conf \
           -v /path/to/your/data:/app/data \
           -v /path/to/your/logs:/app/logs \
           -v /path/to/your/ssl:/app/ssl \
           samwaf/samwaf


For more details on Docker usage, see https://hub.docker.com/r/samwaf/samwaf

Start Access

http://127.0.0.1:26666

Default account: admin
Default password: admin868

Please change the default password upon first login.
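
Since the management console on port 26666 starts out with a published default password, it helps to confirm that the port is not listening on addresses other hosts can reach. The following is an added example, not part of the SamWaf project; the function name and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SamWaf management listeners reachable from other hosts.
# Input is `ss -ltnH` output (listening TCP sockets, numeric, no header).
# With Docker, publishing the port as `-p 127.0.0.1:26666:26666` instead of
# `-p 26666:26666` keeps the console on loopback.

# exposed_mgmt_listeners [PORT]: read ss output on stdin and print every
# non-loopback local address that listens on PORT (default 26666).
exposed_mgmt_listeners() {
    awk -v port="${1:-26666}" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Constructed sample, shaped like `ss -ltnH` output on a Docker host.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:26666 0.0.0.0:*
LISTEN 0 4096 [::]:26666 [::]:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*'

# Same host after rebinding the console to loopback (constructed).
SAMPLE_SS_FIXED='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:26666 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | exposed_mgmt_listeners        # 0.0.0.0 and [::]
printf '%s\n' "$SAMPLE_SS_FIXED" | exposed_mgmt_listeners  # prints nothing
# On a live host: ss -ltnH | exposed_mgmt_listeners
```

Any address printed means the console is bound beyond loopback; restrict it with a host firewall rule or a loopback-only port mapping and reach it through an SSH tunnel or VPN.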

Upgrade Guide

Note: The upgrade process will terminate the service; please upgrade during off-peak hours.

Automatic Upgrade

If a new version is available, an upgrade prompt will pop up for confirmation, allowing you to initiate the upgrade. The page will automatically refresh after the upgrade is complete.

Manual Upgrade

  • For direct launch:

    1. Close the application.
    2. Download the latest program and replace the existing files, then manually start it again.
  • For service mode:

    1. First, pause the service.
       Windows: SamWaf64.exe stop
       Linux: ./SamWafLinux64 stop
    2. Replace with the latest application files.
    3. Start the service:
       Windows: SamWaf64.exe start
       Linux: ./SamWafLinux64 start

Note: Upgrading the Windows service may trigger security rules from 360 or Huorong, preventing the new files from being replaced normally. In this case, you can manually replace the files. Those familiar with this area can help determine the correct handling method.
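
The Linux service-mode steps above can be scripted so that a failed start does not leave the site unprotected. This is an added example, not part of the SamWaf project: the function name, the `.bak` backup file, and the optional operator-supplied SHA-256 are assumptions, and it assumes `./SamWafLinux64 stop` and `start` exit non-zero on failure.

```shell
#!/bin/sh
# Added example: manual service-mode upgrade on Linux with backup and rollback.
# Usage: upgrade_samwaf INSTALL_DIR NEW_BINARY [EXPECTED_SHA256]
# Returns 0 on success, 2 bad arguments, 3 checksum mismatch,
# 4 stop failed, 5 new binary failed to start (old one restored).
upgrade_samwaf() {
    dir=$1
    new=$2
    want=${3:-}
    bin="$dir/SamWafLinux64"

    [ -x "$bin" ] && [ -f "$new" ] || { echo "missing binary" >&2; return 2; }

    # Optional integrity check against a hash the operator obtained separately
    # (assumption: the page itself does not list checksums).
    if [ -n "$want" ]; then
        got=$(sha256sum "$new" | awk '{print $1}')
        [ "$got" = "$want" ] || { echo "checksum mismatch" >&2; return 3; }
    fi

    # Step 1: stop the service.
    (cd "$dir" && ./SamWafLinux64 stop) || return 4

    # Step 2: keep the old binary, then replace it with the new one.
    cp -p "$bin" "$bin.bak"
    install -m 0755 "$new" "$bin"

    # Step 3: start the service; roll back if the new binary will not start.
    if (cd "$dir" && ./SamWafLinux64 start); then
        return 0
    fi
    echo "start failed, restoring previous binary" >&2
    mv -f "$bin.bak" "$bin"
    (cd "$dir" && ./SamWafLinux64 start)
    return 5
}

# Run the upgrade only when the script is called with arguments.
if [ "$#" -ge 2 ]; then
    upgrade_samwaf "$@"
fi
```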

Online Documentation

Online Documentation

Code Information

Code Repository

Introduction and Compilation

How to Compile Compilation Instructions

Tested and Supported Platforms

Tested and Supported Platforms

Other Info

Testing Results

Testing Results

Security Policy

Security Policy

Feedback

SamWaf is continuously iterating. We welcome feedback and suggestions.

License

SamWaf is licensed under the Apache License 2.0. Refer to LICENSE for more details.

For third-party software usage notice, see ThirdLicense

Contribution

Thanks to the following contributors!