Documentation
Everything you need to run and configure the open core — the standalone, Apache-2.0 WAF. The enterprise control plane has its own operator guide, available to customers.
Start here
- Quickstart — install the
wafbinary, point it at your backend, and see it block. - Configuration — the full config file, section by section.
- Detection modules — what each module catches, and how requests are scored.
Crate reference
The core is published to crates.io; API docs are on docs.rs.
| Crate | What it is | Links |
|---|---|---|
| waf-proxy | The reverse-proxy binary — cargo install it and run as waf. | docs.rs · crates.io |
| waf-core | Base types, config, and client-IP resolution. | docs.rs · crates.io |
| waf-normalizer | Decoding, NFKC, and request parsing (anti-evasion). | docs.rs · crates.io |
| waf-pipeline | Phased orchestration and anomaly scoring. | docs.rs · crates.io |
| waf-detection | Detection modules, rules, and the fast-path prefilter. | docs.rs · crates.io |
| waf-wasm | The Proxy-Wasm plugin runtime (wasmi). | docs.rs · crates.io |
Browse the source on GitHub → · Release history →
Running the enterprise tier? The control plane, governed rule management, RBAC/SSO, compliance and SIEM export ship with a dedicated operator guide, available to customers under the commercial licence.