Neptune WAF is an enterprise-grade Web Application Firewall (WAF) designed to deliver comprehensive, real-time protection to your applications against a wide spectrum of modern cyber threats.
The project distinguishes itself through advanced security features, leveraging intelligent detection and automated response systems to ensure application integrity and availability.
Neptune WAF provides a robust defense structure built upon several core security pillars:
- Real-Time Threat Detection: Monitors and analyzes every request using advanced pattern recognition and machine learning algorithms to identify and instantly block malicious traffic.
- Anti-Bot Protection: Features multiple challenge types to distinguish legitimate users from automated bots, scrapers, and malicious crawlers:
  - Cookie Challenge: Automatic JavaScript-based verification for seamless user experience
  - Proof of Work (PoW): Browser computes cryptographic puzzles (SHA-256 with configurable difficulty) - Premium
  - Captcha: Server-generated image captcha with distortion and noise for maximum security - Premium
  - Custom Challenge Pages: Create fully customized anti-bot HTML pages with your own branding and design - Premium
- Rate Limiting: Implements intelligent rate limiting per IP address with customizable thresholds and time windows to prevent Distributed Denial of Service (DDoS) attacks and API abuse while maintaining service availability.
- GeoIP Blocking: Integrates MaxMind GeoIP2 for precise country-level blocking.
- HTTP/HTTPS Reverse Proxy: Full-featured reverse proxy with TLS termination and backend forwarding.
- TCP Proxy Mode: Direct TCP proxying for non-HTTP protocols, enabling protection for any TCP-based service.
- WebSocket Support: Seamless WebSocket connections via TCP hijacking with automatic protocol detection and bidirectional data forwarding.
- Connection Hijacking: Low-level TCP connection handling for maximum flexibility and performance.
- Dynamic Block Pages: Blocked IPs receive informative pages showing:
  - Block reason (from admin-defined descriptions)
  - Expiration countdown for temporary bans
  - Permanent ban indication for indefinite blocks
- Automatic Expiration: Time-based IP blocks with automatic cleanup
The WAF incorporates industry-standard security rules to protect against the most critical web application vulnerabilities, including:
- SQL Injection Protection: Advanced pattern matching and signature-based detection to prevent SQL injection attacks.
- XSS Prevention: Multi-layered protection detecting reflected, stored, and DOM-based Cross-Site Scripting (XSS) attacks.
- Path Traversal Defense: Detects and blocks directory traversal attempts and file inclusion attacks, preventing unauthorized access to sensitive server files.
- Command Injection Shield: Identifies and neutralizes OS command injection attempts across all parameters, headers, and request bodies.
- XXE Protection: Detects and blocks XML External Entity injection attempts.
- SSRF Prevention: Server-Side Request Forgery detection and blocking.
- LDAP Injection Protection: Guards against LDAP injection attacks.
- Header Injection Defense: Prevents HTTP header injection and response splitting attacks.
Neptune is built for scale, focusing on high performance with a reported latency of <1 ms and high uptime standards.
The system offers operational flexibility with two distinct modes:
- Audit Mode: Allows monitoring and logging of all detected threats without active blocking. This is ideal for testing, tuning security rules, and understanding traffic patterns before full enforcement.
- Blocking Mode: The full protection mode that actively blocks detected threats and malicious traffic in real-time.
- Let's Encrypt Integration: Automatic certificate provisioning and renewal via the ACME protocol
- Custom Certificates: Support for manually configured SSL/TLS certificates
- Per-Domain SSL: Independent SSL configuration for each protected domain
- Real-Time Analytics: A comprehensive dashboard provides live attack visualization, traffic analytics, and security metrics updated every second.
- Comprehensive Logging: Detailed attack logs with full request context, matched rules, severity levels, and export capabilities are provided for compliance and forensic analysis.
- Attack Timeline: Visual representation of attack patterns over time
- Top Attackers: Identification and tracking of most frequent attack sources
Neptune WAF offers enhanced capabilities for premium users:
| Feature | Description |
|---|---|
| PoW Challenge | Proof of Work anti-bot protection with configurable difficulty |
| Captcha Challenge | Secure server-generated image captcha (text never sent to client) |
| Custom Anti-Bot Pages | Fully customizable HTML challenge pages with code examples |
| Extended Analytics | Advanced metrics and reporting capabilities |
Please note that the Neptune-WAF project is currently closed source and is not planned for a public release at this time.
This GitHub repository is maintained exclusively for issue tracking. Should you encounter any bugs, or wish to submit feedback regarding the product or documentation, please feel free to open an issue here.
For the most comprehensive and up-to-date information about Neptune WAF, please visit our official website: neptune-waf.app