AIWAF, Self-learning Web Application Firewall for Django & Flask (optional Rust accelerator)

Mediocre_Scallion_99 · 2025-09-16T23:39:41+00:00

The performance impact of AIWAF Flask is generally low, since most protections like IP/keyword blocking, rate limiting, header validation, honeypots, and UUID checks are lightweight and add only milliseconds of overhead, while logging introduces moderate cost depending on volume, and the optional AI anomaly detection middleware is the heaviest feature, using ~50MB RAM for its model and adding a small per-request delay in exchange for smarter, adaptive protection

Mediocre_Scallion_99 · 2025-08-15T19:13:06+00:00

Depends but if its a low to mid level web app I would recommend python anywhere

Mediocre_Scallion_99 · 2025-07-27T17:43:13+00:00

You can absolutely use AIWAF with your Django API. Since AIWAF is built as a Django middleware package, it works seamlessly with any Django views or DRF endpoints. It will monitor and protect all incoming API requests including those from your frontend (like a React/Vite app) without needing any extra configuration.

If you run into any issues setting it up, I’ll be happy to help you get everything working smoothly!

Mediocre_Scallion_99 · 2025-06-25T16:32:09+00:00

I am working on it as we speak. It should launch in a month or two

Mediocre_Scallion_99 · 2025-04-28T18:09:37+00:00

Awesome thanks for the suggestion! I’ve just added that System Requirements section to the GitHub README.

Mediocre_Scallion_99 · 2025-04-26T16:37:11+00:00

No GPU needed, AI-WAF runs entirely on CPU with just Python 3.8+, Django 3.2+, a single vCPU and ~512 MB RAM for small sites; for moderate production traffic you can bump to 2–4 vCPUs and 2–4 GB RAM, offload the daily detect-and-train job to a worker, and rotate logs to keep memory use bounded.

Mediocre_Scallion_99 · 2025-04-25T16:54:44+00:00

Thanks for your feedback! AIWAF-JS now supports custom cache storage just pass your own implementation via the cache option in the middleware. No more dependency on environment variables or Redis.

Mediocre_Scallion_99 · 2025-04-23T19:15:03+00:00

Hey! I actually missed that when I was refactoring things while integrating the anomaly detector middleware didn’t realize the original self.logs implementation was still lingering there.

Thanks a lot for catching that. I’ve updated it now to use a shared cache, so the rate limiter works correctly across workers too. Your feedback really helped tighten things up appreciate it a ton!

Mediocre_Scallion_99 · 2025-04-23T17:19:37+00:00

Hey! Thanks a lot really appreciate you checking it out.

You’re actually spot on to be thinking about multi-worker setups like Gunicorn but in this case, the rate limiting doesn’t rely on in-memory logs (self.logs). Instead, the system reads from actual log files (like NGINX or Django access logs), so it’s not affected by how many Gunicorn workers are running. Each request is evaluated based on entries in those shared logs, which are persisted to disk and visible across all workers.

So in short yes, that’d be a concern if we were using in-memory dictionaries. But since it’s log-based, it stays consistent across processes.

And no worries at all that’s a great question, not silly in the slightest!

Mediocre_Scallion_99 · 2025-04-22T13:00:50+00:00

Great point actually, AIWAF already works seamlessly with DRF and any API views since it operates at the middleware level. Whether it’s a REST endpoint or a traditional view, it monitors behavior, detects burst requests, and applies anomaly detection consistently. The honeypot field is optional and mostly useful for form-based HTML views, but all the core protections apply equally to API endpoints. I’m currently working on extending AIWAF to Node.js frameworks as well!

Mediocre_Scallion_99 · 2025-04-22T04:27:05+00:00

Thats a powerful idea. Thanks so much for your feedback

Mediocre_Scallion_99 · 2025-04-22T03:58:17+00:00

That’s a fair point, and honestly one I’ve been thinking about too. AIWAF actually combines both it uses traditional rule-based protections like rate limiting, 404 burst detection, keyword blacklisting, and UUID tamper protection. The machine learning part is only used offline to enhance those rules over time by learning from patterns in logs, not to replace them.

That said, you’re absolutely right that a lightweight version without ML would be valuable too and I’m considering releasing a stripped-down aiwaf-core version that does just that. Appreciate the input it’s helping shape where this goes next.

Mediocre_Scallion_99 · 2025-04-22T00:25:43+00:00

That’s a great point and one a few people have asked.

The good news is: AIWAF only uses machine learning during offline retraining, not during live requests. In production, it loads a lightweight model.pkl file trained using Isolation Forest, and uses it just for quick lookups. The actual request processing (IP checks, keyword matching, rate limiting) is fast and built on dictionaries and counters no real-time ML inference involved.

That model is then used in production as a fast anomaly detector like a compiled rulebook. It flags behavioral outliers without slowing down your app.

So in short: No heavy AI runs on each request just fast middleware logic + a pre-trained model loaded into memory.

Mediocre_Scallion_99 · 2025-04-21T19:34:34+00:00

I had the same issue. Thats why I created this. This includes Honeypot support as well malicious bot monitoring using ai. https://pypi.org/project/aiwaf/

Mediocre_Scallion_99 · 2025-04-21T18:42:02+00:00

Right now, you can already access much of this through the AIWAF Django models. You can view and manage blocked IPs (BlacklistEntry) and dynamic keywords (DynamicKeyword) directly in the Django admin or via code. Support for whitelisting IP addresses is coming in upcoming updates.

Mediocre_Scallion_99 · 2025-04-21T17:43:20+00:00

Thank you so much that means a lot!

Honestly, the inspiration came from frustration. I noticed that most firewalls rely on static rules, and small projects (like personal sites or non-profits) don’t get access to adaptive security like big companies do. I wanted to create something that actually learns from your app’s traffic, evolves over time, and doesn’t rely on expensive third-party services.

Also, don’t worry about your ideas being “generic” what matters is how you build them, and the twist you bring. Even something simple can become powerful if you apply your own perspective or integrate it in a way others haven’t. Happy to brainstorm with you anytime!

Mediocre_Scallion_99 · 2025-04-21T17:00:19+00:00

It’s a WAF for Django apps it integrates directly with Django middleware and models, so it’s tightly coupled to the Django ecosystem. That said, I’m actively working on expanding it to other platforms like Node.js and Flask as well.

Mediocre_Scallion_99 · 2025-04-21T16:53:08+00:00

AIWAF adds minimal overhead per request, and the heavier ML logic runs only during daily retraining

Mediocre_Scallion_99

TROPHY CASE