kubeWAF

Kubernetes-native
Web Application Firewall

Protect your Kubernetes workloads with ModSecurity and OWASP Core Rule Set (CRS) using native Kubernetes CRDs.

View on GitHub → Read the docs
BETA — Breaking changes expected

Built for Kubernetes

Define WAF rules using Kubernetes-native CRDs. No more managing complex config files.

🔌

Native CRDs

Manage SecRules, SecActions and CRS policies directly in Kubernetes using SecRule and SecAction resources.

🛡️

OWASP CRS Ready

Full support for the OWASP Core Rule Set. Import, customize and manage CRS rules as Kubernetes resources.

ModSecurity Powered

Powered by ModSecurity / Coraza. Battle-tested WAF engine with full SecLang compatibility.

🌐

Envoy Gateway

Native integration as Envoy Gateway WAF policies using Kubernetes Gateway API. Apply rules at the gateway level.

📦

Sidecar WAF

Deploy as a sidecar container next to your application pods. Fine-grained per-workload protection using Coraza or ModSecurity.

⚠️ BETA RELEASE

This is a Beta version

Developed by Buzz-IT GmbH in Bern, Switzerland.
Expect breaking changes in future releases.

kubeWAF.io • Bern, Switzerland