<img alt="BunkerWeb logo" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.12/misc/logo.png" height=100 width=350 />
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?label=stable" />
<img src="https://img.shields.io/github/v/release/bunkerity/bunkerweb?include_prereleases&label=latest" />
<img src="https://img.shields.io/github/last-commit/bunkerity/bunkerweb" />
<img src="https://img.shields.io/github/issues/bunkerity/bunkerweb">
<img src="https://img.shields.io/github/issues-pr/bunkerity/bunkerweb">
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/dev.yml?branch=dev&label=CI%2FCD%20dev" />
<img src="https://img.shields.io/github/actions/workflow/status/bunkerity/bunkerweb/staging.yml?branch=staging&label=CI%2FCD%20staging" />
<a href="https://www.bestpractices.dev/projects/8001">
<img src="https://www.bestpractices.dev/projects/8001/badge">
</a>
<a href="https://gitrated.com/bunkerity/bunkerweb"><img src="https://gitrated.com/bunkerity/bunkerweb/badge" alt="GitRated rating" /></a>
<a href="https://www.star-history.com/bunkerity/bunkerweb">
<img alt="Star History Rank" src="https://api.star-history.com/badge?repo=bunkerity/bunkerweb" width=140 />
</a>
🌐 <a href="https://www.bunkerweb.io/?utm_campaign=self&utm_source=github">Website</a>
|
🤝 <a href="https://panel.bunkerweb.io/?utm_campaign=self&utm_source=github">Panel</a>
|
📓 <a href="https://docs.bunkerweb.io/?utm_campaign=self&utm_source=github">Documentation</a>
|
👨💻 <a href="https://demo.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo</a>
|
📱 <a href="https://demo-ui.bunkerweb.io/?utm_campaign=self&utm_source=github">Demo UI</a>
|
🧩 <a href="https://github.com/bunkerity/bunkerweb-templates">Templates</a>
|
🛡️ <a href="https://github.com/bunkerity/bunkerweb/raw/v1.6.12/examples">Examples</a>
💬 <a href="https://discord.com/invite/fTf46FmtyD">Chat</a>
|
📝 <a href="https://github.com/bunkerity/bunkerweb/discussions">Forum</a>
|
📝 <a href="https://community.bunkerweb.io/?utm_campaign=self&utm_source=github">Community</a>
|
🗺️ <a href="https://www.bunkerweb.io/threatmap/?utm_campaign=self&utm_source=github">Threatmap</a>
|
📊 <a href="https://status.bunkerweb.io/?utm_campaign=self&utm_source=github">Status</a>
|
🔎 <a href="https://forms.gle/e3VgymAteYPnwM1j9">Feedback</a>
🛡️ Make security by default great again!
<img alt="Overview banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.12/docs/assets/img/intro-overview.svg" />
BunkerWeb is a next-generation, open-source Web Application Firewall (WAF).
Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them "secure by default." BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) as a reverse proxy and is fully configurable (don't panic, there is an awesome web UI if you don't like the CLI) to meet your own use cases. In other words, cybersecurity is no longer a hassle.
BunkerWeb contains primary security features as part of the core but can be easily extended with additional ones thanks to a plugin system.
https://github.com/user-attachments/assets/c3fed740-28d8-4335-ab05-113a9e815b4f
A non-exhaustive list of security features:
Learn more about the core security features in the security tuning section of the documentation.
https://github.com/user-attachments/assets/6fc0e3c1-d353-4a84-bad0-15bf9b6623a5
A demo website protected with BunkerWeb is available at demo.bunkerweb.io. Feel free to visit it and perform some security tests.
https://github.com/user-attachments/assets/a3ed56f8-c124-4ca9-b8b3-4be0913b3078
BunkerWeb offers an optional user interface to manage your instances and their configurations. An online read-only demo is available at demo-ui.bunkerweb.io, feel free to test it yourself.
Don't want to self-host and manage your own BunkerWeb instance(s)? You might be interested in BunkerWeb Cloud, our fully managed SaaS offering for BunkerWeb.
Order your BunkerWeb Cloud instance and get access to:
If you are interested in the BunkerWeb Cloud offering, don't hesitate to contact us so we can discuss your needs.
Want to quickly test BunkerWeb PRO for one month? Use the code freetrial when placing your order on the BunkerWeb panel or by clicking here to directly to apply the promo code (will be effective at checkout).
When using BunkerWeb, you have the choice of the version you want to use: open-source or PRO.
Whether it's enhanced security, an enriched user experience, or technical monitoring, the BunkerWeb PRO version allows you to fully benefit from BunkerWeb and meet your professional needs.
In the documentation or the user interface, PRO features are annotated with a crown to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time. The process is straightforward:
freetrial promo code at checkoutDo not hesitate to visit the BunkerWeb panel or contact us if you have any questions regarding the PRO version.
Get the most out of BunkerWeb by getting professional services directly from the maintainers of the project. From technical support to tailored consulting and development, we are here to assist you in the security of your web services.
You will find more information by visiting the BunkerWeb Panel, our dedicated platform for professional services.
Don't hesitate to contact us if you have any questions; we will be more than happy to respond to your needs.
Official websites, tools, and resources about BunkerWeb:
Community and social networks:
<img alt="Concepts banner" src="https://github.com/bunkerity/bunkerweb/raw/v1.6.12/docs/assets/img/concepts.svg" />
You will find more information about the key concepts of BunkerWeb in the documentation.
The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments.
The following integrations are officially supported:
Once BunkerWeb is integrated into your environment, you will need to configure it to serve and protect your web applications.
The configuration of BunkerWeb is done by using what we call the "settings" or "variables." Each setting is identified by a name such as AUTO_LETS_ENCRYPT or USE_ANTIBOT. You can assign values to the settings to configure BunkerWeb.
Here is a dummy example of a BunkerWeb configuration:
SERVER_NAME=www.example.com
AUTO_LETS_ENCRYPT=yes
USE_ANTIBOT=captcha
REFERRER_POLICY=no-referrer
USE_MODSECURITY=no
USE_GZIP=yes
USE_BROTLI=no
The multisite mode is a crucial concept to understand when using BunkerWeb. Because the goal is to protect web applications, we intrinsically inherit the concept of "virtual host" or "vhost" (more info [here
$ claude mcp add bunkerweb \
-- python -m otcore.mcp_server <graph>