Nexus WAF

An Intelligent, Multi-Layer Zero-Trust Web Application Firewall

Project NexusWAF is a structured, intelligent Web Application Firewall designed for modern distributed environments.
Built with a strict separation between data plane and control plane, NexusWAF integrates deterministic rule enforcement, formal grammar-based request parsing, and machine learning inference into a cohesive zero-trust security platform.

The system is engineered for:
- High performance
- Structured traffic analysis
- Hot policy reload
- Modular microservice deployment
- Enterprise-grade extensibility
- 🔐 Zero-Trust Request Validation
- 🧠 Deterministic + Intelligent Hybrid Detection
- 🌳 Grammar-Aware Traffic Parsing
- ⚙️ Modular Microservice Architecture
- 🔄 Dynamic Policy Management
- 📊 Observability-First Design

| Layer | Technology | Purpose |
|---|---|---|
| Language | Rust | Data plane & control plane |
| Runtime | Tokio | Async I/O |
| Protocol | gRPC | Inter-service communication |
| ML Runtime | ONNX | Model inference |
| Database | PostgreSQL | Rules & audit storage |
| Frontend | Next.js | Admin interface |
| Observability | Prometheus | Metrics |

We welcome contributions from developers, researchers, and security engineers.
Ways to contribute:
- Report issues
- Improve documentation
- Suggest new detection strategies
- Optimize parsing performance
- Expand ML classification models

Development setup instructions are available in individual repository READMEs.

Project NexusWAF is released under the MIT License.

Engineered with precision for structured, intelligent application security.

⭐ Star the project if you find it valuable.