BunkerWeb was created in 2020-2021 by Bunkerity, a French cybersecurity company, as a next-generation open-source Web Application Firewall (WAF). The project was designed to provide modern, user-friendly web application security.
- 2021: First public release of BunkerWeb
- 2022: Introduction of the web UI for easier management
- 2022: Added support for Docker and Kubernetes deployments
¶ Growth and Community (2023-Present)
BunkerWeb gained significant traction in the self-hosting and homelab communities due to its:
- Modern approach to WAF configuration
- Easy deployment via Docker
- Integration with popular web servers
- Active development and regular updates
| Year |
Version |
Notable Changes |
| 2021 |
1.0 |
Initial release |
| 2022 |
1.2 |
Web UI introduction |
| 2023 |
1.4 |
Enhanced plugin system |
| 2024 |
1.5 |
Improved performance and scalability |
- Nginx: Web server and reverse proxy foundation
- Lua: In-request processing via nginx-lua-module
- Python: Scheduler service and automation (“the brain”)
- JavaScript/HTML/CSS: Web-based user interface
- Shell: System integration scripts
- Automatic SSL/TLS certificate management (Let’s Encrypt)
- Real-time request inspection
- Plugin system for extensibility
- Multi-site support
- API for automation
¶ Impact and Legacy
BunkerWeb represents a new generation of WAF tools:
- User-friendly: Web UI makes WAF accessible to non-experts
- Modern: Built with containerization in mind
- Open-source: AGPL-3.0 licensed with active community
- Self-hosted: Designed for self-hosting enthusiasts
BunkerWeb is actively maintained with:
- Regular security updates
- Active GitHub community (10k+ stars)
- Docker Hub official images
- Comprehensive documentation
- Enterprise support options through Bunkerity
| Feature |
BunkerWeb |
ModSecurity |
| Configuration |
Web UI + Environment variables |
Configuration files |
| Deployment |
Docker-native |
Traditional/Docker |
| Learning Curve |
Low |
Moderate to High |
| Rule Set |
Built-in + Custom |
OWASP CRS |