BunkerWeb

bunkerweb.io
BunkerWeb

BunkerWeb is an open-source Next-Generation Web Application Firewall (WAF). It provides easy protection for your web services and is designed to remain secure by default. It integrates seamlessly with modern environments (Docker, Kubernetes, Linux, etc.).

Open Source

BunkerWeb Source Code

Author

bunkerity

Description

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

#antibot#cybersecurity#devops#devsecops#dnsbl#docker#hardening#hosting#kubernetes#letsencrypt#modsecurity#nginx#reverse-proxy#security#security-tuning#swarm#waap#waf#web-application-firewall#web-security

Homepage

https://www.bunkerweb.io

License

AGPL-3.0

Created

20 Aug 19

Last Updated

07 Jul 26

Latest version

v1.6.12

Primary Language

Python

Size

917,267 KB

Stars

10,695

Forks

631

Watchers

10,695

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Théophile Diot (02 Jul 26)

    Merge pull request #3694 from bunkerity/staging Road to 1.6.12 🚀

  • Théophile Diot (02 Jul 26)

    Merge pull request #3693 from bunkerity/dev Merge branch "dev" into branch "staging"

  • TheophileDiot (02 Jul 26)

    chore(docker): Fix misc CVEs

  • TheophileDiot (01 Jul 26)

    deps: Updated LuaJIT version to v2.1-20260701

  • TheophileDiot (01 Jul 26)

    deps: Updated Modsecurity version to v3.0.16

  • TheophileDiot (29 Jun 26)

    chore(docker): update base images for RHEL 9 and 10 Dockerfiles

  • TheophileDiot (29 Jun 26)

    fix(docker): update yq version to v4.50.1 in Dockerfile

  • Théophile Diot (29 Jun 26)

    Merge pull request #3679 from bunkerity/dev Merge branch "dev" into branch "staging"

  • TheophileDiot (29 Jun 26)

    Merge branch 'dev' of https://github.com/bunkerity/bunkerweb into dev

  • TheophileDiot (29 Jun 26)

    docs(social): fix cropped logo in Open Graph preview cards

  • Théophile Diot (29 Jun 26)

    Merge pull request #3677 from bunkerity/dependabot/github_actions/dev/stefanzweifel/git-auto-commit-action-7.2.0 deps/gha: bump stefanzweifel/git-auto-commit-action from 7.1.0 to 7.2.0

  • TheophileDiot (29 Jun 26)

    fix(ui): preserve customizations on easy-mode template switch + sync multiselect display

  • TheophileDiot (29 Jun 26)

    Update dependencies: regex to 2026.6.28, certifi to 2026.6.17, click to 8.4.2, and hpack to 4.2.0

  • dependabot[bot] (29 Jun 26)

    deps/gha: bump stefanzweifel/git-auto-commit-action from 7.1.0 to 7.2.0 Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 7.1.0 to 7.2.0. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/stefanzweifel/git-auto-commit-action/compare/04702edda442b2e678b25b537cec683a1493fcb9...4a55954c782fc1ea30b9056cd3e7a2b40ca8887d) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

  • Théophile Diot (26 Jun 26)

    Merge pull request #3675 from bunkerity/dev Merge branch "dev" into branch "staging"

  • Théophile Diot (26 Jun 26)

    Merge pull request #3671 from bunkerity/dependabot/github_actions/dev/github/codeql-action-4.36.2 deps/gha: bump github/codeql-action from 3.36.2 to 4.36.2

  • Théophile Diot (26 Jun 26)

    Merge pull request #3672 from bunkerity/dependabot/github_actions/dev/azure/setup-helm-5.0.1 deps/gha: bump azure/setup-helm from 5.0.0 to 5.0.1

  • Théophile Diot (26 Jun 26)

    Merge pull request #3673 from bunkerity/dependabot/github_actions/dev/github/codeql-action/upload-sarif-4.36.2 deps/gha: bump github/codeql-action/upload-sarif from 3.36.2 to 4.36.2

  • TheophileDiot (26 Jun 26)

    docs(plugins): add Authentik, Cloudflare, Matrix to official plugins list

  • dependabot[bot] (26 Jun 26)

    deps/gha: bump github/codeql-action/upload-sarif from 3.36.2 to 4.36.2 Bumps [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) from 3.36.2 to 4.36.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.36.2...8aad20d150bbac5944a9f9d289da16a4b0d87c1e) --- updated-dependencies: - dependency-name: github/codeql-action/upload-sarif dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

  • dependabot[bot] (25 Jun 26)

    deps/gha: bump azure/setup-helm from 5.0.0 to 5.0.1 Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/dda3372f752e03dde6b3237bc9431cdc2f7a02a2...9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

  • dependabot[bot] (25 Jun 26)

    deps/gha: bump github/codeql-action from 3.36.2 to 4.36.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.36.2 to 4.36.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3.36.2...8aad20d150bbac5944a9f9d289da16a4b0d87c1e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

  • Théophile Diot (24 Jun 26)

    Merge pull request #3655 from bunkerity/dependabot/github_actions/dev/actions/checkout-7.0.0 deps/gha: bump actions/checkout from 6.0.3 to 7.0.0

  • Théophile Diot (24 Jun 26)

    Merge pull request #3661 from bunkerity/dependabot/github_actions/dev/ruby/setup-ruby-1.314.0 deps/gha: bump ruby/setup-ruby from 1.313.0 to 1.314.0

  • Théophile Diot (24 Jun 26)

    Merge pull request #3662 from bunkerity/dependabot/github_actions/dev/softprops/action-gh-release-3.0.1 deps/gha: bump softprops/action-gh-release from 3.0.0 to 3.0.1

  • Théophile Diot (24 Jun 26)

    Merge pull request #3665 from bunkerity/dependabot/github_actions/dev/actions/setup-python-6.3.0 deps/gha: bump actions/setup-python from 6.2.0 to 6.3.0

  • TheophileDiot (24 Jun 26)

    chore: Update Trivy configuration to ignore unfixed vulnerabilities and clarify ignore file comments

  • TheophileDiot (24 Jun 26)

    chore: Move DOCKER_BUILD_SUMMARY environment variable to build steps for better control

  • TheophileDiot (24 Jun 26)

    chore: Enhance Trivy integration with summary template and update workflow environment variables

  • TheophileDiot (24 Jun 26)

    chore: Update workflows to allow all legs to run for Trivy SARIF uploads and add Python package ignore policy

BunkerWeb Security

Security Advisories (2)

  • low Patched CVSS 3.5

    CVE-2025-8066 CVE-2025-8066 – Open Redirect vulnerability in BunkerWeb UI 1.6.X (< 1.6.4)

  • low Patched

    CVE-2024-53264 Open Redirect Vulnerability in Loading Page

BunkerWeb Website

Website

BunkerWeb - The open-source Web Application Firewall (WAF)

Fool attackers and protect your web services with BunkerWeb, the open-source and next-gen Web Application Firewall (WAF).

Redirects

Does not redirect

Security Checks

All 65 security checks passed

Server Details

  • IP Address 51.159.125.247
  • Hostname 51-159-125-247.rev.poneytelecom.eu
  • Location Paris, Ile-de-France, France, EU
  • ISP Scaleway SAS
  • ASN AS12876

Associated Countries

  • FR FR
  • NL NL

Safety Score

Website marked as safe

100%

Blacklist Check

www.bunkerweb.io was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

Website Preview

Website preview

BunkerWeb Reviews

More Firewalls

About the Data: BunkerWeb

Change History

API

You can access BunkerWeb's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/bunkerweb

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.

Share BunkerWeb

Help your friends compare Firewalls, and pick privacy-respecting software and services.
Share BunkerWeb and Awesome Privacy with your network!

View Firewalls (14)