> For the complete documentation index, see [llms.txt](https://docs.openappsec.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.openappsec.io/what-is-open-appsec.md). # What is open-appsec? **open-appsec** is an **open-source** fully automated Web Application and API Security solution. It is powered by a machine learning engine which continuously analyzes users' HTTP/S requests as they visit the website or API. The analysis includes the application structure and how users interact with the content in order to identify patterns and automatically stop and block malicious requests and bad actors. open-appsec provides pre-emptive threat protection against OWASP Top-10- and zero-day attacks. Thanks to machine learning, there is no threat signature upkeep and exception handling, like common in many WAF solutions. It can be deployed as add-on to many platforms and solutions, e.g.:\ \ **NGINX**\ **Ingress NGINX**\ **NGINX Proxy Manager**\ **NPMplus**\ **Kong API Gateway**\ **Apache APISIX API Gateway** \ **Envoy** \ **Istio Ingress Gateway** The project GitHub is available [here](https://github.com/openappsec). In addition to the free open-appsec "Community Edition" there's also an Enterprise WAF solution available, which is built on and significantly extends the same core technology as open-appsec\ \ **Check Point WAF** (open-appsec's "enterprise edition") offers **enterprise-grade support SLAs**, many more **advanced security capabilities**, much **higher scalability**, and **additional deployment options**, including **virtual machine images** and a **full SaaS offering** option.\ \ A **comprehensive overview and comparison of what's included in the different editions** is available [here](https://www.openappsec.com/pricing). ## Main features of open-appsec * **Machine Learning-based Application Firewall** - stop application layer attacks including OWASP Top 10 with very minimal tuning and no false positives. Pre-emptive (no signature updates required) protection for zero-days such as Log4Shell and Spring4Shell. * **API Security** * stop malicious API access and abuse * and enforce API schema (requires Check Point WAF or open-appsec Premium Edition \[deprecated]) * **Bot Prevention** - Identify and stop automated attacks before they negatively impact the bottom line or customer experience (requires Check Point WAF or open-appsec Premium Edition \[deprecated]) * **Intrusion Prevention** * Full IPS Engine with support for custom Snort 3.0 signatures. * Protections for over 2,800 WEB CVEs, based on Check Point award winning NSS-Certified IPS (requires Check Point WAF or open-appsec Premium Edition \[deprecated]) * **File Security -** Prevent malicious files from being uploaded into web apps and APIs servers. The engine scans the HTTP traffic analyses any files uploaded and consults a huge cloud repository as to the file's reputation (requires Check Point WAF or open-appsec Premium Edition \[deprecated]) * **Rate Limiting** - Safeguard your websites and API by setting a cap on how many requests. can be made within a certain period, based on identifiers such as IP address (Community Edition) or keys within JWT, cookies or headers (requires Check Point WAF or open-appsec Premium Edition \[deprecated]) * **HTTPS Traffic inspection** - SSL certificate and private keys can be stored locally or in public cloud secrets storage (AWS/Azure) * **Integration into modern environments** and workloads (public cloud & Kubernetes) and CI/CD workflows, supporting **NGINX Ingress Controller, NGINX, NGINX Proxy Manager, NPMplus, Envoy, APISIX and Kong API Gateways, Istio Ingress Gateway** on **Kubernetes, Linux Servers and Containers (Docker).** * **Ease of ongoing management and maintenance** – Enterprise Grade SaaS Web UI, GraphQL API and Infrastructure-as-code using Terraform * **GitOps-CD-ready** - alternatively to using the central WebUI manage open-appsec locally, declaratively using local configuration file (Docker/Linux) or CRDs/annotations (Kubernetes) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.openappsec.io/what-is-open-appsec.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.