Open Source Reverse Proxy Servers

SKUDONET Community Edition is an Open Source Load Balancer and Web Application Firewall (WAF) designed for Linux server environments. Formerly known as Zevenet, it is based on Debian 12.8, providing a stable and secure foundation for reliable application delivery and cybersecurity. This edition is suitable for Linux and Windows server deployments (not for mobile platforms), offering advanced Layer 4 and Layer 7 traffic management with support for up to 250,000 TCP requests per second (L4) and 70,000 HTTPS requests per second (L7). SKUDONET Community Edition includes a full REST JSON API for integration into on-premises or hybrid cloud infrastructures, and it is used in thousands of deployments worldwide. Documentation, administration guides, and API references are available at: https://www.skudonet.com/knowledge-base/

RELIANOID is an open core (Debian GNU/Linux based) Application Delivery Controller (ADC) with advanced load balancing features such as Network Load Balancer, Application Load Balancer with SSL offloading, Advance Network Configuration including Virtual Interfaces, VLANs, Bonding with link aggregation, IPv4/IPv6, advanced routing, stateless cluster, web GUI, JSON API and much more! Enterprise Edition Load Balancer is available with extra features such as global service load balancing (gslb), application security including web application firewall (WAF), blacklists, Realtime Blackhole Lists (DNSBL), DDoS protection, stateful clustering, SNMP monitoring, email and SNMP notifications, RBAC, VPN support, and the best Support directly from an expert Team.

A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. If you are running a version older than v6.0.0 we strongly recommend you please update to the current version. After returning from the authentication provider, the OAuth tokens are stored in the configured session store (cookie, redis, ...) and a cookie is set. The request is forwarded to the upstream server with added user info and authentication headers (depending on the configuration) oauth2-proxy can be configured via command line options, environment variables or config file (in decreasing order of precedence, i.e. command line options will overwrite environment variables and environment variables will overwrite configuration file settings).

A simple security tunnel written in Golang. Listening on multiple ports, multi-level forward proxies - proxy chain, standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support. Probing resistance support for web proxy, TLS encryption via negotiation support for SOCKS5 proxy. Support multiple tunnel types, tunnel UDP over TCP. Local/remote TCP/UDP port forwarding, TCP/UDP Transparent proxy, Shadowsocks Protocol (TCP/UDP), and SNI Proxy. Permission control, load balancing, route control, DNS resolver and proxy, and TUN/TAP Device. In GOST, GOST and other proxy services are considered as proxy nodes, GOST can handle the requests itself, or forward the requests to any one or more proxy nodes. In addition to configuring services directly from the command line, parameters can also be set by specifying the external configuration file with the -C parameter.

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable (don't panic, there is an awesome web UI if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.

J2EP is a reverse proxy running on a J2EE engine. The proxy is written in java and was originally designed with Tomcat in mind, but any engine should work fine. A set of basic mapping rules are included but they can easily be extended to your own needs.

UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched by UUSEC Technology, which first realizes the three-layer defense function of traffic layer, system layer, and runtime layer.

Apache::AppSamurai is a mod_perl based authenticating reverse proxy/application front end designed to protect applications from direct Internet attack.

CacheGuard WAF (Web Application Firewall) allows you to protect your Web applications against content attacks such as but not limited to XSS, SQL injections and Virus injections. CacheGuard WAF is designed to be implemented as a filtering reverse proxy in front of Web servers. In addition, an IP reputation based module allows you to block all requests coming from real time blacklisted IPs. CacheGuard WAF is distributed as an open source OS to install on a virtual or hardware machine. Once installed on a machine, CacheGuard-OS transforms that machine into a network appliance to implement as a link to the internet. CacheGuard-OS is based on a Linux kernel and mainly uses OpenSSL, Apache and ModSecurity and ClamAV. CacheGuard WAF is especially designed to address organization requirements by providing functional and easy to handle Web security solutions.

Web reverse proxy for Single Sign On (SSO). It can apply a security policy (profiles stored in a LDAP directory) to an existing set of applications, consolidate websites, encrypt all communications, rewrite simple URLs...

RewritingProxyTME is a powerful Perl module intended to be used with Apache + Mod_perl in order to provide a full "Reverse Proxy" implementation.

Next generation reverse proxy : provides authentication and authorization services for all incoming HTTP traffic, in addition to offering transparent web SSO to protected applications.

jRevProxy is a lightweight reverse proxy server fully written in Java. jRevProxy accepts HTTP and HTTPS requests and translates these into new requests based on a set of rules. HTTPS with client side authentication (X509 certificates) is supported.

sWAF is a simple Web Application Firewall docker image, pre-configured to be easily used within your web services architecture. It runs NGINX as a dedicated reverse proxy embedding powerful WAF engines: ModSecurity 3, using OWASP® ModSecurity Core Rule Set (CRS) rules, and NAXSI. It uses acme.sh for Let's Encrypt and other free CA support. A lot of people are self-hosting their own cloud infrastructure (using Nextcloud, Synology, QNAP, a cloud lease server or home-made solutions...), but we can never be too much paranoid about web security for a lot of good reasons. Too much time security is left on the background, or only by using some basic - but not sufficient - options and applications are front-faced to the big bad Internet.

WAFs goal is protect sites against hackers and virus attacks. Web App Firewall its PHP application that implement principle of reverse-proxy , build and control traffic map and comfortable management interface.

yxorp is a reverse proxy and application level firewall for the HTTP protocol. It can do all kinds of checks on HTTP traffic, and is highly configurable. It also has other functions that are useful for a web frontend, like load balancing.