Experience in deploying open source WAF to protect web applications in 2025
Posted: Thu Sep 18, 2025 12:04 pm
Hello everyone PolyTrack
I recently learned about Web Application Firewall (WAF) solutions and discovered many open-source projects that are of interest to the community, such as SafeLine. The obvious advantages are that it is free, fast to deploy, and can run in a Docker/K8s environment.
I would like to ask you guys in the forum:
In reality, does using open source WAF meet the security needs of medium/large-scale websites?
When deploying in a DevOps system, what is the biggest challenge (CI/CD integration, performance, or false positives)?
Besides SafeLine, are there any open-source projects worth trying in 2025?
I look forward to hearing practical experiences from the community to have a clearer view before applying to the product under development.
Thank you!
I recently learned about Web Application Firewall (WAF) solutions and discovered many open-source projects that are of interest to the community, such as SafeLine. The obvious advantages are that it is free, fast to deploy, and can run in a Docker/K8s environment.
I would like to ask you guys in the forum:
In reality, does using open source WAF meet the security needs of medium/large-scale websites?
When deploying in a DevOps system, what is the biggest challenge (CI/CD integration, performance, or false positives)?
Besides SafeLine, are there any open-source projects worth trying in 2025?
I look forward to hearing practical experiences from the community to have a clearer view before applying to the product under development.
Thank you!