Smart Hybrid Routing.
Enterprise Grade Security.

eWAF combines the intelligent dynamic routing of Java with the raw C++ power of NGINX and ModSecurity. Build a zero-trust architecture in seconds.

bash
$ git clone https://github.com/whitehatlabs000/eWAF.git
$ cd eWAF
$ sudo apt install openjdk-17-jdk -y
$ ./mvnw clean install
$ docker compose --profile prod up -d --build
> Deploying Smart Hybrid Control Plane... Done.

Built for Modern Infrastructure

Smart Delegation

Heavy assets (images, videos) are automatically offloaded to NGINX via X-Accel-Redirect. Zero Java heap exhaustion.

ModSecurity CRS

Toggle OWASP Core Rule Set on a per-route basis. Isolate malicious traffic in a dedicated C++ engine before it hits your app.

On-The-Fly Rewriting

Native engine parses and manipulates JSON payloads and HTML anchors dynamically to fix broken backend paths seamlessly.

Documentation

Getting Started with Docker

The easiest and recommended way to run eWAF is using the provided Docker Compose file. This ensures NGINX, ModSecurity, and the Java Core are perfectly synchronized.

git clone https://github.com/whitehatlabs000/eWAF.git
cd eWAF
sudo apt update
sudo apt install openjdk-17-jdk -y
chmod +x mvnw
./mvnw clean install
docker compose --profile prod up -d --build

Once running, access the Admin Dashboard at http://localhost/login.

The Hybrid Control Plane

eWAF does not process everything in a single thread. It acts as an orchestrator:

  • API/HTML Traffic: Handled by Java Native Engine for deep content inspection and URL rewriting.
  • Static Assets: Handled by NGINX. Java replies with X-Accel-Redirect.
  • WAF Routes: Traffic is shifted to a blind corridor, passing through OWASP CRS before reaching the backend.

Proxy Rules Management

Routes can be managed in real-time without restarting the server. In the Admin Dashboard, configure:

  • Engine Selection: Choose between NATIVE, NGINX, or SPRING.
  • ModSecurity Toggle: Enable the C++ WAF with a simple switch (NGINX engine only).
  • Cache TTL: Define in seconds how long NGINX should hold the resource in disk.