Documentation

Everything you need to run and configure the open core — the standalone, Apache-2.0 WAF. The enterprise control plane has its own operator guide, available to customers.

Start here

  • Quickstart — install the waf binary, point it at your backend, and see it block.
  • Configuration — the full config file, section by section.
  • Detection modules — what each module catches, and how requests are scored.

Crate reference

The core is published to crates.io; API docs are on docs.rs.

CrateWhat it isLinks
waf-proxyThe reverse-proxy binary — cargo install it and run as waf.docs.rs · crates.io
waf-coreBase types, config, and client-IP resolution.docs.rs · crates.io
waf-normalizerDecoding, NFKC, and request parsing (anti-evasion).docs.rs · crates.io
waf-pipelinePhased orchestration and anomaly scoring.docs.rs · crates.io
waf-detectionDetection modules, rules, and the fast-path prefilter.docs.rs · crates.io
waf-wasmThe Proxy-Wasm plugin runtime (wasmi).docs.rs · crates.io

Browse the source on GitHub → · Release history →

Running the enterprise tier? The control plane, governed rule management, RBAC/SSO, compliance and SIEM export ship with a dedicated operator guide, available to customers under the commercial licence.

Request enterprise access →