You have a nice website, and you live in constant fear of attack by evil, bloodthirsty cybercriminals. You no longer sleep, you no longer eat, you bite your nails. It’s so duuuur!!!
Well, imagine that there is a simple and formidable website protection solution that will change the situation. His name is BunkerWeb and it is a new generation web application firewall (WAF), based on NGINX, and easy to use.
With this tool installed on your server, you have a virtual guardian capable of automatically spotting and blocking intrusion attempts, without you having to lift a finger. Thanks to its multi-layered architecture (including filtering rules, automated SSL/TLS management and an integrated WAF engine), BunkerWeb offers:
- Automated management of SSL/TLS certificates via Let’s Encrypt, ensuring effortless traffic encryption.
- HTTP security headers optimized to prevent data leaks (Content-Security-Policy, X-Frame-Options, etc.).
- A ModSecurity pare-feu Built-in, comes with OWASP Core Rule Set to counter SQL injections, XSS and other common attacks.
- A smart ban suspicious behavior, by automatically identifying and blocking clients triggering abnormal HTTP errors.
- Anti-bot protection with challenges (JavaScript, captcha, hCaptcha, reCAPTCHA…) in order to stop malicious robots in their tracks.
- Blocking malicious IPs via external blacklists, thus quickly stopping known threats.
The little extra is that everything is activated by default, without requiring advanced cybersecurity expertise. You benefit from a “secure by default” posture without any hassle. BunkerWeb integrates naturally into your existing infrastructure, whether on:
- Linux (Debian, Ubuntu, RHEL…)
- Docker et Docker Swarm
- Kubernetes
- Microsoft Azure
- And many others…
Now, a quick little tutorial: To test BunkerWeb in Docker, start by getting the image from Docker Hub. Make sure you use the properly mapped internal ports 8080 (HTTP) and 8443 (HTTPS), and most importantly, add the label bunkerweb.INSTANCE=yes for the tool to work fully. For example :
docker run -d --name bunkerweb --label "bunkerweb.INSTANCE=yes" -p 80:8080 -p 443:8443 -v /path/to/www:/www -e SERVER_NAME=www.example.com bunkerity/bunkerweb:1.5.12 This command will launch a ready-to-use BunkerWeb container. You can then refine your configuration (add environment variables, custom rules, etc.) if necessary.
Once launched, BunkerWeb acts as a complete web server, embedding NGINX, anti-bot, ModSecurity WAF, TLS/SSL management, etc. Everything can be fine-tuned via a fantastic GUI, allowing you to:
- View real-time protection status and track blocked requests
- Finely configure each functionality
- View attack logs to understand the nature of threats
- Simply manage SSL/TLS certificates
- Add custom rules (URL blocking, User-Agent filtering, etc.)
To help you get started, an online configurator is available at config.bunkerweb.io and you can test the solution directly on the demo site. This allows you to measure the robustness of the system against different attacks.
BunkerWeb also has a plugin system to go further:
- ???? ClamAV : automatic scans of uploaded files
- ????️ Breastplate : a promising alternative WAF engine
- ???? CrowdSec : collaborative protection against threats
- ???? Discord/Slack : real-time attack notifications
- ???? VirusTotal : advanced analysis of suspicious files
And for a turnkey solution, BunkerWeb offers a paid cloud offer in beta, including a managed instance, PRO features, monitoring, dedicated technical support, and assisted configuration.
All this from €15 per month per protected service.
In short, BunkerWeb is open source, simplifies web security, and allows you to protect your sites without being an expert. A good plan for sleeping peacefully! Visit www.bunkerweb.io and review the documentation (docs.bunkerweb.io) to learn more.
