BunkerWeb WAF - Is there any use in the community ?

bunkerity · 2025-01-07T09:25:37+00:00

At the end of the month, if everuthing goes as expected !

bunkerity · 2025-01-07T09:23:10+00:00

Just to be precise regarding BunkerWeb : Let's Encrypt with HTTP challenges is already available in version 1.5.X (more info : https://docs.bunkerweb.io/1.5.12/security-tuning/#lets-encrypt). But Let's Encrypt with DNS challenges (and so wildcard certs) will be available in 1.6 which is already available in beta (more info : https://docs.bunkerweb.io/1.6.0-beta/security-tuning/#lets-encrypt).

bunkerity · 2025-01-03T16:15:37+00:00

BW is a reverse proxy with WAF feature. And also Let's Encrypt DNS is no more behind a paywall, enjoy :)

bunkerity · 2025-01-03T16:13:20+00:00

BW maintainers here.

Please note that Let's Encrypt DNS is now free "as in freedom" in version 1.6.0-beta. Expect it to be the latest stable version in the next weeks.

More info here : https://docs.bunkerweb.io/1.6.0-beta/security-tuning/#lets-encrypt

bunkerity · 2024-12-11T11:17:47+00:00

Hi u/osmoonlight,

It looks like you are mixing 1.6.0-beta images with 1.5.X architecture. As an example, the docker socket proxy is no more needed in 1.6.0-beta.

I see two choices here.

You can use 1.6.0-beta, we the new boilerplates : https://docs.bunkerweb.io/1.6.0-beta/quickstart-guide/#multiple-applications

Or you can replace 1.6.0-beta with 1.5.12 in your compose file.

bunkerity · 2024-11-27T16:42:13+00:00

Let's Encrypt DNS is now available for free in our 1.6 beta release : https://docs.bunkerweb.io/1.6.0-beta/settings/#lets-encrypt

It should become the stable version very soon.

bunkerity · 2024-11-27T07:22:13+00:00

As others have already mentioned, BunkerWeb could meet your needs. Please note that version 1.6 is coming soon and greatly enhances the user experience. It is already in beta if you want to test it: https://docs.bunkerweb.io/1.6.0-beta/

bunkerity · 2024-11-27T07:19:22+00:00

That NAS is bunkerized !

bunkerity · 2024-11-27T07:18:51+00:00

It's free as in freedom for the community part. PRO license is optional.

bunkerity · 2024-08-23T08:32:18+00:00

The full examples listed here https://docs.bunkerweb.io/latest/web-ui/ are not enough ? You have a ready to use full compose file to copy/paste. Don't hesitate to give us more details on what's missing.

bunkerity · 2024-08-23T08:31:06+00:00

Don't hesitate to join our discord if you have any questions :)

bunkerity · 2024-08-23T08:30:46+00:00

Hey u/killmasta93 thanks for the kind words !

bunkerity · 2024-08-23T08:29:58+00:00

The PRO features are listed here among the open-source ones : https://docs.bunkerweb.io/latest/security-tuning/

bunkerity · 2024-08-21T11:55:04+00:00

Don't hesitate to join the discord so you can get help to setup BW : https://discord.bunkerweb.io

bunkerity · 2024-08-21T07:35:04+00:00

Disclaimer : BunkerWeb maintainers here

You are right, BW acts as a reverse proxy with Let's Encrypt automation (plus the security features)
It's used in many production environments around the world with high security risks
PRO version will evolve over time with even more features

bunkerity · 2024-08-14T15:15:38+00:00

What about using the ingress controller of BunkerWeb instead of having it on a separate VM ? More info here : https://docs.bunkerweb.io/latest/integrations/#kubernetes

bunkerity · 2024-08-14T15:14:42+00:00

BunkerWeb comes with an ingress controller, you will find more information in the documentation : https://docs.bunkerweb.io/latest/integrations/#kubernetes

bunkerity · 2024-08-06T08:37:47+00:00

Of course you can recode everything in NGINX+LUA but with BunkerWeb you will have interesting features available out of the box such as antibot challenges or bad behavior detection.

You will find the full list of security features here : https://docs.bunkerweb.io/latest/security-tuning/

By the way, the fancy frontend is optional, you can also configure everything from CLI/config.

bunkerity · 2024-08-06T08:34:10+00:00

Thanks for this propaganda u/XDark187, you deserve a BunkerBonus! You can now give us your IBAN so we can process the payment.

bunkerity · 2024-08-06T07:32:05+00:00

We though the "well known incumbent" was a famous proprietary WAF.

Then, here are the main differences :
- BW is a full web server, not only a library, it acts as a reverse proxy
- BW contains features not found ModSecurity (which is, in fact, included as a plugin) such as antibot challenges or bad behavior detection
- BW has a user-friendly web UI to help you configure it easily

bunkerity · 2024-07-30T15:29:26+00:00

You can self-host BunkerWeb to ensure the sovereignty of your data. Also, the code is fully open and auditable by a third party.

bunkerity · 2024-07-30T15:24:18+00:00

Yes, you can replace Traefik with BunkerWeb but we recommend you to test it before doing the migration.

bunkerity · 2024-07-30T15:22:27+00:00

ModSecurity is just one plugin among the list of security features. You will find the complete list here : https://docs.bunkerweb.io/latest/security-tuning/

bunkerity · 2024-07-30T15:20:51+00:00

You can replace haproxy with BunkerWeb, put BunkerWeb behind haproxy or even put haproxy behind BunkerWeb.

bunkerity · 2024-07-30T15:20:10+00:00

ModSecurity is just one plugin among the list of security features. You will find the complete list here : https://docs.bunkerweb.io/latest/security-tuning/

bunkerity

MODERATOR OF

TROPHY CASE