> Whether it's enhanced security, an enriched user experience, or technical supervision, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs.
Is it open core? I see that the license is AGPL. Can I just edit the code to enable the "pro" features, or are they in another repo?
"enhanced security" sounds a bit like the open source version is gutted to encourage people paying for it. If so, it's a bit of a shame. Wouldn't it be better if everyone used this WAF and the web would be as secure as possible for everyone?
You are right, this is an open-core model. The PRO features are proprietary and, to be precise, they are actually modules that integrate into the core of the solution. In addition to these features, the PRO version gives you access to technical support.
We completely agree with you that BunkerWeb can be used by everyone to make the web more secure. We sincerely believe that the features offered in the community version contribute significantly to this goal. Thank you for your feedback.
The BunkerNet feature is completely optional. You can disable it at any time; however, you will not be able to take advantage of crowdsourcing on threats if you do so. More information here: https://docs.bunkerweb.io/latest/security-tuning/#bunkernet
Enterprises pay a shitload of cash for that functionality of commercial WAF systems. Some allow that at a lower cost if you send your own data, and more expensive if you don't.
I'll have to check it out! The popular option for homelab or other indie scale is to just use Cloudflare's free-tier setup, which includes WAF, but I see a privacy hole where Cloudflare needs to see your unencrypted HTTP traffic so that they can apply their WAF rules.
I've also been checking out CrowdSec. I appreciate its modular architecture but it definitely deviates away from the folks that just want to expose an HTTP service and get on with their lives. I've enjoyed the Caddy server for this reason, but yeah, not as secure-as-default when it comes to attacks a WAF would mitigate.
Thanks for the tip! At a glance, SafeLine looks very opaque... not clear why it starts up so many Docker containers and how they are built. I can appreciate that BunkerWeb illustrated its architecture a bit more with their docs and descriptive image names... E.g. `bunkerweb-scheduler` vs `safeline-luigi`
Is this just Lua modules? What's the performance hit like vs a fresh install of nginx? What's the performance like on something like ten thousand server blocks?
Performance will indeed decrease compared to a web server without security features. However, this largely depends on the BunkerWeb features you choose to enable.
Can it be integrated with an existing large nginx config with multiple domains, server and client certificates, websockets, other custom settings and different apps deployed with Ansible, or does it need to run the nginx process by itself?
I recently joined a new company, and one of my first tasks is to secure a simple web API using a WAF. I’d like to explore some free and open-source options to help our office avoid licensing headaches. Do you have any recommendations?
I agree it might not be worth promoting as a main feature at all. But from experience, there are users that will be very vocal about it and request a dark mode.
A commercial closed-source web application firewall, where some parts / features are open source and free.
Promium sourced web application firewall.