Qaclana is a modern open-source Web Application Firewall built for cloud-native deployments.

I’m proud to announce the Qaclana project, an open source Web Application Firewall (WAF) built for cloud-native workloads.

A Web Application Firewall is a piece of software that sits between your users and your website or application, analyzing the incoming request and outgoing response for positive or negative behavioral patterns. When Qaclana finds an anomaly, the communication with the client is interrupted, protecting either the target backend or the data that is about to be sent to the user.

Why

Even though there are some really good WAFs out there, there are only a few open-source ones, mostly working as plugins for NGINX or Apache httpd, like ModSecurity. Sadly, most of them are either not being actively maintained, or are not really suitable for today’s workloads.

There are also cloud solutions like AWS WAF or Digital Ocean’s Firewall, which are great solutions to use when you already have a source of intelligence. Unfortunately, they aren’t that useful without a seed or without further automation.

Software-as-a-Service solutions like CloudFlare’s are a good choice for websites and applications that make use of their other products, like the DDoS protection, but the firewall itself can’t be easily adapted to the target’s specific workload.

Qaclana aims to provide a WAF for modern workloads, featuring adaptive rules and swarm intelligence. Its architected so that the components can be scaled individually, while still being resilient in case of individual failures.

Current state

The project was just bootstrapped and is in proof-of-concept mode: data is already visible on Jaeger, and incoming requests are filtered based on data from the Project Honeypot.

The project should not be used for production workloads yet, although we would appreciate any feedback if you decide to try it out.

The Server and the Backend aren’t functional yet, even though some features are implemented there already, like the System State Toggle.

Take a look at our Kanban board to see what is in our queue. If you feel like contributing to the project, just grab a card!