We are building a FOSS WAF-System to provide the community & businesses with an easy and transparent way of securing their edge-services!
WARNING: This project is still in an early development stage!
Many traditional WAF systems have not kept pace with the nuanced traffic challenges of the modern web.
Most excel at blocking "known-bad" actors but fail in the Grey Area - the space where legitimate users, automated tools, and sophisticated attackers often look the same.
Our vision for AlpenMesh is to eliminate the "Black Box" of traffic filtering by prioritizing Traffic Intelligence and Forensic Transparency, ensuring you have the clarity to manage complex traffic without the risk of false positives.
- High-Performance Core: Leveraging a Golang-based control plane and the stability of HAProxy with the integrated OWASP Coraza WAF & OWASP Core Rule Set.
- Radical Transparency: We aim to end "Mystery Blocks" by providing deep-insight logging. Every request should be annotated with why it was flagged, which rule triggered, and the specific match context.
- Context-Aware Intelligence: Beyond simple IP blocking, we are working toward identifying traffic via Multi-Dimensional Fingerprinting (TCP, UDP, QUIC, TLS, and HTTP).
- Wire-Speed Filtering: Utilizing eBPF XDP to drop malicious or DoS traffic at the kernel level before it ever impacts your application resources.
- Behavioral Analytics: Tracking behavioral patterns over time for session categorization and abuse scoring, using Machine Learning to identify "hidden bots" & interactive attackers.
- Rapid Response Plugin-System: A modular system for easily shareable filters, allowing the community to deploy and share virtual patches for 0-day CVEs instantly.
AlpenMesh-WAF is being designed to fit natively into modern tech stacks:
- Open Traffic-Intelligence: AlpenMesh nodes can send anonymized reports to our central reporting system. This processes real-world data to build open intelligence that is shared freely with the community.
- Infrastructure-as-Code (IaC): Automated deployments and configuration management via Ansible.
- Full-Stack Observability: Native support for sending metrics to Prometheus and logs to Grafana Loki, with everything visualized through pre-configured Grafana dashboards.
- Unified API: A robust API-first architecture that allows for easy automation and remote orchestration.
We are looking for passionate contributors to help us solve the "Grey Area" of web security. If you have experience in any of the following areas, we would love to have you involved:
- Golang Developers: Help us build a rock-solid, high-performance control plane.
- Networking Engineers: Help us optimize packet flow, ASN routing, and advanced traffic logic.
- ML & Data Scientists: Help us build the models for session categorization, abuse scoring, and anomaly detection.
- Traffic Intelligence Specialists: Help us refine our Risk-DB data pipelines and fingerprinting logic.
- eBPF Enthusiasts: Help us push filtering into the kernel with XDP for wire-speed performance.
Does that sound interesting to you? Open tickets, get involved in the discussions, or email us.
You can find an early-access demo of the Admin WebUI here: demo.alpen-waf.com
See: docs.alpen-waf.com
See: Appliance Setup
The detailed roadmap-progress will be covered in feature-tickets.
See also: Contribute
We are happy to get feedback or discuss ideas via discussions or e-mail.
Over the last few years I've been studying & working on projects related to this roadmap and have already made good progress.
Also - the practical experience in managing production firewall- & WAF-Systems has given me some good ideas and know-how.
Now it's time to bring it all together and create something powerful! (;
- Rath
