HomeCatalog🔒 Security & PrivacyBunkerWeb
Screenshot of BunkerWeb website

// screenshot of bunkerweb.io ↗

SECURITY & PRIVACY · PRO TIER

BunkerWebpro

BunkerWeb is a Web Application Firewall (WAF) and reverse proxy — combines nginx with ModSecurity, custom security rules, anti-bot, rate limiting, and a beautiful admin UI. Open-source, drop-in replacement for nginx + manual ModSecurity wiring.

Install via WHMCS → Visit bunkerweb.io ↗
🔒 Security & Privacy Min 512 MB RAM Port 80 (http) Tier pro
// What it is

A closer look.

BunkerWeb is a Web Application Firewall (WAF) and reverse proxy — combines nginx with ModSecurity, custom security rules, anti-bot, rate limiting, and a beautiful admin UI. Open-source, drop-in replacement for nginx + manual ModSecurity wiring.

For self-hosters running public-facing apps and worried about attacks, BunkerWeb is the all-in-one defense layer.

// Use cases

What it's for.

Concrete scenarios where teams pick BunkerWeb over the SaaS alternative.

Web Application Firewall

block OWASP Top 10 attacks

Reverse proxy + WAF

protected access to backend apps

DDoS mitigation

rate limiting + bad-bot blocking

TLS termination

Let's Encrypt + secure cipher suites

Anti-bot

CAPTCHA + behavior analysis

// Who it's for

Built for these teams.

If your team profile matches one of these, BunkerWeb is a strong fit out of the box.

Profile A

Self-hosters

running public-facing apps with attack concerns

Profile B

Small businesses

protecting customer-facing sites

Profile C

DevOps teams

wanting WAF without commercial vendors

Profile D

Privacy-conscious orgs

rejecting Cloudflare's data handling

Profile E

Compliance-bound apps

requiring documented WAF

// Differentiators

Why teams pick BunkerWeb.

When evaluating self-hosted options for this category, here are the dimensions on which BunkerWeb consistently lands above the alternatives.

  • AGPLv3 — fully open
  • All-in-one — nginx + ModSecurity + WAF rules + UI
  • OWASP CRS — Core Rule Set integrated
  • Anti-bot — behavior-based + CAPTCHA
  • Active development — backed by Bunkity
  • Easy config — YAML / UI vs manual nginx rules
// Integrations

Connects to.

The stack you'll plug BunkerWeb into — services, protocols, and adjacent apps in the BluixApps catalog.

Reverse proxy
protect any backend HTTP service
TLS
Let's Encrypt + custom certs
WAF rules
OWASP CRS + custom
Rate limiting
per-IP, per-URI
Authentication
basic auth, OAuth via forward-auth
Notification
email + Slack on attacks
Cluster mode
multi-node deployments
// Adoption & deployment

Notable users & community

  • 7k+ GitHub stars
  • Active GitHub Discussions
  • Backed by Bunkity with commercial Pro support
  • Featured in self-hosted security tool roundups
  • Frequent releases

What we ship

  • Docker compose: BunkerWeb (latest stable)
  • Pinned bunkerity/bunkerweb:1.5 (release-tagged)
  • HTTPS via Let's Encrypt
  • OWASP CRS pre-configured
  • Admin UI with random password
  • Persistent volumes for config + cache
  • Backup hook covers config + rules
// Tips & operations

Run it properly.

Operational guidance from running this in production — what to do before you scale, what to lock down, what surprises people.

// PERFORMANCE
Tune WAF rules
false positives common; tune for your app
// SECURITY
Monitor blocked requests
investigate trends; adjust rules
// OPERATIONS
TLS config
secure defaults but customize for compatibility
// RELIABILITY
Persistent storage
config + cache
// DEPLOYMENT
Test in monitor mode first
observe attacks before blocking
// SCALING
Backup config
your rules are valuable; backup
512
// min ram (MB)
5
// min disk (GB)
80
// access port
http
// protocol
pro
// bluixapps tier
bunkerity/bunkerweb:1.6.9 · bunkerity/bunkerweb-scheduler:1.6.9
// docker image

Project resources

Official sitebunkerweb.io ↗
// Alternatives in Security & Privacy

Compare with

Security & Privacy
AdGuard Home
Open page →
Security & Privacy
Authelia
Open page →
Security & Privacy
Authentik
Open page →