Skip to content
Klutch.sh Docs

Deploying BunkerWeb

BunkerWeb is a next-generation, open-source Web Application Firewall (WAF) built on NGINX that provides comprehensive security for web services with minimal configuration. Designed to make security by default great again, BunkerWeb acts as a reverse proxy and security shield in front of your web applications, blocking attacks before they can hit while guaranteeing confidentiality, integrity, and availability of your data. With integrated ModSecurity WAF with OWASP Core Rule Set, automatic Let’s Encrypt SSL/TLS certificates, state-of-the-art HTTP security headers, intelligent bot detection and mitigation, DDoS protection, custom Lua rules, multisite virtual hosting support, comprehensive web UI for management, and seamless integration into existing environments, BunkerWeb enables you to protect your web applications, APIs, and services against OWASP Top 10 threats, malicious bots, DDoS attacks, and sophisticated cyber threats.

Why BunkerWeb?

BunkerWeb stands out as a powerful security solution for web applications:

  • NGINX-based Reverse Proxy: Full-featured web server with reverse proxy capabilities
  • ModSecurity WAF Integration: Industry-standard Web Application Firewall
  • OWASP Core Rule Set: Comprehensive rules against OWASP Top 10 threats
  • Automatic SSL/TLS: Let’s Encrypt integration with transparent certificate management
  • HTTP Security Headers: HSTS, CSP, X-Frame-Options, and other security headers
  • Bot Protection: Multiple challenge types (cookie, JavaScript, captcha, hCaptcha, reCAPTCHA)
  • DDoS Mitigation: Rate limiting, connection limits, and intelligent filtering
  • Request Limiting: Connection and request rate controls per client
  • Behavior-based Ban System: Automatic banning based on HTTP status codes
  • Multisite Support: Virtual hosting for multiple web applications
  • Custom Rules: Lua scripting for custom security rules
  • Reverse Proxy Features: Load balancing, caching, compression (gzip, brotli)
  • Web UI: User-friendly interface for configuration and monitoring
  • Advanced Logging: Detailed attack logs and security event tracking
  • Plugin System: Extend with official plugins (Discord, Slack, ClamAV, etc.)
  • Multiple Databases: SQLite, MariaDB, MySQL, PostgreSQL support
  • Professional Services: Technical support and custom development available
  • Free and Open Source: AGPLv3 licensed with active community
  • Cross-platform: Linux, Docker, Docker Swarm, Kubernetes, Azure support

BunkerWeb is ideal for protecting web applications from attacks, securing API gateways, defending microservices architectures, managing multiple virtual hosts, protecting against DDoS attacks, enabling OWASP compliance, and securing development and production environments. With persistent storage on Klutch.sh, your WAF configuration is always protected and synchronized.

Prerequisites

Before deploying BunkerWeb, ensure you have:

  • A Klutch.sh account
  • A GitHub repository with your BunkerWeb deployment configuration
  • Basic familiarity with Docker and Git
  • Knowledge of your upstream web services (domains/IPs)
  • HTTPS support required (automatic with Let’s Encrypt)
  • Custom domains for protected services (recommended)
  • Understanding of web application security concepts
  • SMTP credentials for security notifications (optional)
  • Time for initial WAF tuning and false positive management

Important Considerations

Deploying BunkerWeb

  1. Create a New Project

    Log in to your Klutch.sh dashboard and create a new project for your BunkerWeb Web Application Firewall.

  2. Prepare Your Repository

    Create a GitHub repository with the following structure for your BunkerWeb deployment:

    bunkerweb-deploy/
    ├─ Dockerfile
    ├─ docker-compose.yml (optional, for local testing)
    ├─ .env.example
    ├─ entrypoint.sh
    ├─ .gitignore
    └─ README.md

    Here’s a Dockerfile for BunkerWeb:

    FROM bunkerity/bunkerweb:latest
    

    WORKDIR /etc/bunkerweb
    

    # Update system packages
    RUN apt-get update && apt-get upgrade -y && \
        apt-get install -y \
        curl \
        wget \
        && rm -rf /var/lib/apt/lists/*
    

    # Create necessary directories
    RUN mkdir -p /data \
        /var/cache/bunkerweb \
        /var/log/bunkerweb \
        && chown -R www-data:www-data /data \
        /var/cache/bunkerweb \
        /var/log/bunkerweb
    

    # Expose port
    EXPOSE 80 443
    

    # Health check
    HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
      CMD curl -f http://localhost/ -H "Host: localhost" -k || exit 1
    

    # Run BunkerWeb
    CMD ["bunkerweb"]

    Create an .env.example file:

    Terminal window
    # BunkerWeb Configuration
    SERVER_NAME=yourdomain.com www.yourdomain.com
    AUTO_LETS_ENCRYPT=yes
    USE_MODSECURITY=yes
    USE_ANTIBOT=yes
    

    # Security Settings
    ALLOWED_METHODS=GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS
    MAX_BODY_SIZE=10m
    RATE_LIMIT=100r/s
    

    # ModSecurity Configuration
    MODSECURITY_SEC_AUDIT_ENGINE=On
    MODSECURITY_RULES=
    

    # Antibot Settings
    ANTIBOT_CHALLENGE=cookie
    

    # Reverse Proxy Configuration
    REVERSE_PROXY_URL=/
    REVERSE_PROXY_HOST=http://upstream-service:8080
    

    # Web UI (optional)
    API_LISTEN_PORT=5000
    API_WHITELIST_IP=127.0.0.1

    Create an entrypoint.sh file:

    #!/bin/bash
    

    set -e
    

    echo "Starting BunkerWeb..."
    

    # Create necessary directories
    mkdir -p /data \
             /var/cache/bunkerweb \
             /var/log/bunkerweb
    

    # Set proper permissions
    chown -R www-data:www-data /data \
                                /var/cache/bunkerweb \
                                /var/log/bunkerweb
    

    # Export environment variables
    export SERVER_NAME=${SERVER_NAME:-yourdomain.com}
    export AUTO_LETS_ENCRYPT=${AUTO_LETS_ENCRYPT:-yes}
    export USE_MODSECURITY=${USE_MODSECURITY:-yes}
    export USE_ANTIBOT=${USE_ANTIBOT:-yes}
    export REVERSE_PROXY_HOST=${REVERSE_PROXY_HOST:-http://localhost:8080}
    

    echo "BunkerWeb configuration:"
    echo "- Server Name: $SERVER_NAME"
    echo "- Let's Encrypt: $AUTO_LETS_ENCRYPT"
    echo "- ModSecurity: $USE_MODSECURITY"
    echo "- Antibot: $USE_ANTIBOT"
    echo "- Upstream: $REVERSE_PROXY_HOST"
    

    # Start BunkerWeb
    exec "$@"

    Create a .gitignore file:

    .env
    data/
    logs/
    *.log
    .DS_Store
    .idea/
    *.swp
    *.swo
    /data/
    /logs/
    /cache/
    .venv/
    venv/
    env/

    Commit and push to your GitHub repository:

    Terminal window
    git init
    git add .
    git commit -m "Initial BunkerWeb WAF deployment"
    git remote add origin https://github.com/yourusername/bunkerweb-deploy.git
    git push -u origin main

  3. Create a New App

    In the Klutch.sh dashboard:

    • Click “Create New App”
    • Select your GitHub repository containing the Dockerfile
    • Choose the branch (typically main or master)
    • Klutch.sh will automatically detect the Dockerfile in the root directory

  4. Configure Environment Variables

    Set up BunkerWeb configuration in your Klutch.sh dashboard:

    VariableDescriptionExample
    SERVER_NAMEProtected domain namesyourdomain.com www.yourdomain.com
    AUTO_LETS_ENCRYPTEnable Let’s Encryptyes
    USE_MODSECURITYEnable ModSecurity WAFyes
    USE_ANTIBOTEnable bot protectionyes
    ANTIBOT_CHALLENGEBot challenge typecookie or javascript or captcha
    REVERSE_PROXY_URLProxy URL path/
    REVERSE_PROXY_HOSTUpstream service addresshttp://upstream-service:8080
    ALLOWED_METHODSAllowed HTTP methodsGET|POST|PUT|DELETE
    MAX_BODY_SIZEMax request body size10m
    RATE_LIMITRate limit per second100r/s
    USE_MODSECURITYEnable WAF rulesyes
    MODSECURITY_SEC_AUDIT_ENGINEAudit engineOn

  5. Configure Persistent Storage

    BunkerWeb benefits from persistent storage for configuration and logs. Add persistent volumes:

    Mount PathDescriptionRecommended Size
    /dataBunkerWeb configuration and state5GB
    /var/log/bunkerwebSecurity and access logs10GB

    In the Klutch.sh dashboard:

    • Navigate to your app settings
    • Go to the “Volumes” section
    • Click “Add Volume” for each mount path
    • Set mount paths and sizes as specified above
    • Ensure log volume has sufficient space for audit trails

  6. Set Network Configuration

    Configure your app’s network settings:

    • Select traffic type: HTTP
    • Recommended internal port: 80 (BunkerWeb default for HTTP, 443 for HTTPS)
    • Klutch.sh will handle HTTPS termination via reverse proxy
    • BunkerWeb can also handle SSL internally

  7. Configure Custom Domains

    Add custom domains for your protected services:

    • Navigate to your app’s “Domains” section in Klutch.sh
    • Add custom domain (e.g., yourdomain.com, api.yourdomain.com)
    • Configure DNS with CNAME record pointing to your Klutch.sh app
    • Update SERVER_NAME environment variable with all domains
    • Wait for DNS propagation (typically 5-15 minutes)
    • Verify SSL certificates are provisioned

  8. Deploy Your App

    • Review all settings and environment variables carefully
    • Verify upstream services are configured
    • Verify custom domains are configured
    • Ensure persistent volumes are properly configured
    • Click “Deploy”
    • Klutch.sh will build the Docker image and start your BunkerWeb instance
    • Wait for deployment to complete (typically 15-25 minutes)
    • Access your BunkerWeb-protected service at your domain
    • Verify security headers are in place
    • Monitor logs for false positives during initial period

Initial Setup and Configuration

After deployment completes, configure your WAF.

Accessing BunkerWeb

Your protected service is accessible at: https://yourdomain.com

BunkerWeb acts as a reverse proxy, forwarding traffic to your upstream service while protecting it.

Configuring Upstream Services

Set up reverse proxy to your backend services:

  1. Determine your backend service address and port
  2. Set REVERSE_PROXY_HOST to backend address
  3. Set REVERSE_PROXY_URL to the path (typically /)
  4. For multiple backends, configure load balancing
  5. Test upstream connectivity
  6. Verify health checks passing

Enabling ModSecurity WAF

Activate Web Application Firewall:

  1. Set USE_MODSECURITY=yes
  2. WAF uses OWASP Core Rule Set by default
  3. Rules analyze request/response for attacks
  4. Suspicious requests are blocked
  5. Review logs for false positives
  6. Adjust rules as needed

Configuring Bot Protection

Set up antibot challenge:

  1. Set USE_ANTIBOT=yes

  2. Choose challenge type:

    • cookie: Simple cookie-based challenge
    • javascript: JavaScript execution required
    • captcha: Google reCAPTCHA v2 challenge
    • hcaptcha: hCaptcha challenge
    • pow: Proof of Work challenge

  3. Configure reCAPTCHA keys if needed

  4. Legitimate bots (Google, Bing) are allowed

  5. Unknown bots face challenge

  6. Monitor bypass attempts

Managing HTTP Security Headers

BunkerWeb sets security headers automatically:

  • Strict-Transport-Security: Force HTTPS
  • X-Frame-Options: Prevent clickjacking
  • X-Content-Type-Options: Prevent MIME sniffing
  • Content-Security-Policy: Control resource loading
  • Referrer-Policy: Control referrer information
  • Permissions-Policy: Control browser features

Configure via environment variables:

Terminal window
STRICT_TRANSPORT_SECURITY=max-age=31536000; includeSubDomains
X_FRAME_OPTIONS=DENY
X_CONTENT_TYPE_OPTIONS=nosniff
CONTENT_SECURITY_POLICY="default-src 'self'"

Setting Rate Limiting

Configure traffic rate limits:

  1. Set RATE_LIMIT to requests per second
  2. Set RATE_LIMIT_URL for specific paths
  3. Set client connection limits
  4. Monitor for legitimate user impact
  5. Adjust thresholds based on traffic analysis

Managing SSL/TLS Certificates

Automatic certificate management:

  1. With AUTO_LETS_ENCRYPT=yes, certificates auto-provision
  2. Supports multiple domains
  3. Wildcard certificates available
  4. Renewal happens automatically
  5. No manual intervention needed

For custom certificates:

  1. Upload certificate files to persistent storage
  2. Configure certificate paths
  3. Support for PEM format
  4. Chain certificates included

Configuring Multisite Mode

Protect multiple web applications:

  1. List all domains in SERVER_NAME

  2. For each domain, configure upstream service:

    • domain1.com_REVERSE_PROXY_HOST=http://service1:8080
    • domain2.com_REVERSE_PROXY_HOST=http://service2:8080

  3. Each domain has separate security configuration

  4. Settings can be domain-specific

  5. Log aggregation across all sites

Creating Custom Rules

Add custom Lua rules:

  1. Create custom rule files
  2. Store in persistent storage
  3. BunkerWeb loads custom rules
  4. Syntax: Lua scripting language
  5. Examples for specific attack patterns
  6. Testing in audit mode first

Monitoring and Logging

Access security logs:

  1. Logs stored in /var/log/bunkerweb
  2. Review access logs for patterns
  3. Check security audit logs
  4. Analyze blocked requests
  5. Generate reports for compliance
  6. Export logs for external analysis

Using the Web UI (Optional)

Manage BunkerWeb configuration via web interface:

  1. Access at https://yourdomain.com:5000 (if configured)
  2. View dashboard with security statistics
  3. See real-time attack blocking
  4. Manage services and configuration
  5. Update settings without restart
  6. View cached files and resources

Configuring Notifications

Send security alerts:

  1. Configure plugins for notifications
  2. Discord plugin for Discord webhooks
  3. Slack plugin for Slack channels
  4. Email notifications for critical events
  5. Configure alert thresholds
  6. Test notification delivery

Environment Variable Examples

Basic Configuration

Terminal window
SERVER_NAME=yourdomain.com
AUTO_LETS_ENCRYPT=yes
USE_MODSECURITY=yes
USE_ANTIBOT=yes
REVERSE_PROXY_HOST=http://upstream-service:8080

Complete Production Configuration

Terminal window
# Domain Configuration
SERVER_NAME=yourdomain.com www.yourdomain.com api.yourdomain.com
MULTISITE=yes


# SSL/TLS Configuration
AUTO_LETS_ENCRYPT=yes
USE_HTTPS=yes


# Reverse Proxy Configuration
REVERSE_PROXY_URL=/
REVERSE_PROXY_HOST=http://upstream-service:8080
REVERSE_PROXY_PRESERVE_HOST=yes


# Security Features
USE_MODSECURITY=yes
USE_ANTIBOT=yes
ANTIBOT_CHALLENGE=captcha
ANTIBOT_RECAPTCHA_SITEKEY=your_sitekey_here
ANTIBOT_RECAPTCHA_SECRET=your_secret_here


# Rate Limiting
RATE_LIMIT=100r/s
LIMIT_REQ_URL=/api
LIMIT_REQ=/api 10r/s


# HTTP Methods
ALLOWED_METHODS=GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS
MAX_BODY_SIZE=10m


# HTTP Security Headers
STRICT_TRANSPORT_SECURITY=max-age=31536000; includeSubDomains
X_FRAME_OPTIONS=DENY
X_CONTENT_TYPE_OPTIONS=nosniff


# Performance
USE_GZIP=yes
USE_BROTLI=yes
GZIP_LEVEL=6


# Caching
CLIENT_BODY_CACHE=yes
PROXY_CACHE_VALID_200=1h
PROXY_CACHE_VALID_404=10m

Sample Code and Getting Started

Bash - Health Check and Monitoring Script

#!/bin/bash


# BunkerWeb Health Check and Monitoring Script


BUNKERWEB_URL="${BUNKERWEB_URL:-https://yourdomain.com}"
LOG_FILE="/var/log/bunkerweb/check.log"
ALERT_EMAIL="${ALERT_EMAIL:-admin@yourdomain.com}"


echo "Checking BunkerWeb health..."


# Check if BunkerWeb is responding
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -H "User-Agent: HealthCheck" "$BUNKERWEB_URL" 2>/dev/null)


if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "301" ] || [ "$HTTP_CODE" = "302" ]; then
    echo "✓ BunkerWeb is healthy (HTTP $HTTP_CODE)" | tee -a "$LOG_FILE"
else
    echo "✗ BunkerWeb health check failed (HTTP $HTTP_CODE)" | tee -a "$LOG_FILE"
fi


# Check SSL certificate validity
echo ""
echo "Checking SSL certificate..."


CERT_EXPIRY=$(echo | openssl s_client -servername yourdomain.com \
    -connect yourdomain.com:443 2>/dev/null | \
    openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)


echo "Certificate expires: $CERT_EXPIRY"


# Check for blocked requests in logs
echo ""
echo "Analyzing security logs..."


BLOCKED_COUNT=$(grep -c "ModSecurity" /var/log/bunkerweb/access.log 2>/dev/null || echo "0")
echo "✓ Blocked requests in last period: $BLOCKED_COUNT"


# Check disk space
echo ""
echo "Checking disk space..."


DISK_USAGE=$(du -sh /var/log/bunkerweb | awk '{print $1}')
echo "✓ Log volume usage: $DISK_USAGE"


# Generate report
echo ""
echo "Health check completed at $(date)" | tee -a "$LOG_FILE"

Lua - Custom Security Rule

-- BunkerWeb Custom Security Rule
-- File: /data/custom/custom_rule.lua


local bunkerweb = require "bunkerweb"
local logger = bunkerweb:get_variable("LOG")


-- Check for suspicious patterns
local uri = bunkerweb:get_variable("URI")
local method = bunkerweb:get_variable("METHOD")
local user_agent = bunkerweb:get_variable("HTTP_USER_AGENT")


-- Block requests with suspicious patterns
if string.find(uri, "admin") and method == "POST" then
    if not string.find(user_agent, "Mozilla") then
        logger:log(ngx.ALERT, "Suspicious admin access from non-browser user agent")
        bunkerweb:set_variable("USE_MODSECURITY", "on")
        return 403
    end
end


-- Rate limit specific endpoints
if string.find(uri, "/api/login") then
    local ip = bunkerweb:get_variable("REMOTE_ADDR")
    -- Implement rate limiting logic
    logger:log(ngx.INFO, "Login attempt from IP: " .. ip)
end


-- Check for missing security headers in responses
local response_headers = bunkerweb:get_variable("RESP_HEADERS")
if not string.find(response_headers, "Strict-Transport-Security") then
    logger:log(ngx.WARN, "Missing HSTS header in response")
    bunkerweb:set_variable("RESP_HEADERS",
        response_headers .. "Strict-Transport-Security: max-age=31536000")
end


return ngx.OK

cURL - Testing BunkerWeb Protection

Terminal window
# BunkerWeb Protection Testing Examples


# Test basic connectivity
curl -v https://yourdomain.com


# Test bot challenge response
curl -v "https://yourdomain.com/" \
  -H "User-Agent: Unknown-Bot"


# Test rate limiting
for i in {1..150}; do
  curl -s "https://yourdomain.com/api" > /dev/null
done


# Test suspicious payload (should be blocked by ModSecurity)
curl -v "https://yourdomain.com/?id=1' OR '1'='1"


# Test with custom headers
curl -v https://yourdomain.com \
  -H "X-Custom-Header: value" \
  -H "Referer: https://example.com"


# Test POST request
curl -X POST https://yourdomain.com/api \
  -H "Content-Type: application/json" \
  -d '{"test": "data"}'


# Check security headers
curl -I https://yourdomain.com | grep -E "Security|HSTS"


# Test with different User-Agent strings
curl -A "Mozilla/5.0" https://yourdomain.com
curl -A "curl" https://yourdomain.com


# Monitor blocked requests in real-time
tail -f /var/log/bunkerweb/access.log | grep -E "blocked|denied|403"

Web Application Firewall Best Practices

Rule Management

Maintain effective security rules:

  1. Start in Audit Mode: Run ModSecurity without blocking initially
  2. Review False Positives: Identify legitimate requests being blocked
  3. Tune Rules: Disable overly aggressive rules
  4. Custom Rules: Add rules for application-specific threats
  5. Regular Updates: Keep OWASP Core Rule Set updated
  6. Test Changes: Verify rules don’t break functionality

Performance Optimization

Balance security and performance:

  1. Caching: Enable caching for static content
  2. Compression: Use gzip/brotli for text responses
  3. Connection Limits: Prevent resource exhaustion
  4. Upstream Health Checks: Route around failed backends
  5. Session Persistence: Maintain session affinity if needed
  6. Monitor Response Times: Track impact of WAF rules

SSL/TLS Management

Ensure secure communications:

  1. Certificate Monitoring: Track expiration dates
  2. HSTS Headers: Enable strict transport security
  3. Certificate Pinning: Optional for high-security apps
  4. TLS Version Control: Enforce minimum TLS 1.2/1.3
  5. Cipher Suites: Use strong cipher configurations
  6. Regular Testing: Verify SSL/TLS configuration

Attack Monitoring and Response

Analyze security events:

  1. Alert Thresholds: Set for critical threats
  2. Log Aggregation: Collect logs from all instances
  3. Incident Response: Plan response procedures
  4. Blocklist Management: Maintain IP/domain block lists
  5. Threat Intelligence: Subscribe to threat feeds
  6. Regular Audits: Review security posture

Troubleshooting

Common Issues and Solutions

Issue: Legitimate requests being blocked by ModSecurity

Solutions:

  • Review ModSecurity audit logs
  • Identify specific rule causing blocks
  • Test rule in audit mode first
  • Create rule exception for legitimate pattern
  • Contact BunkerWeb support for rule tuning

Issue: SSL certificate not renewing

Troubleshooting:

  • Verify domain is publicly accessible
  • Check DNS records pointing correctly
  • Review Let’s Encrypt logs for errors
  • Ensure port 443 is accessible externally
  • Test renewal with --dry-run first

Issue: Upstream service not responding

Solutions:

  • Verify upstream service is running
  • Check network connectivity
  • Test upstream health endpoint
  • Review upstream service logs
  • Configure health checks
  • Verify reverse proxy configuration

Issue: Rate limiting blocking legitimate traffic

Troubleshooting:

  • Check current rate limit settings
  • Analyze traffic patterns
  • Increase RATE_LIMIT if needed
  • Create exceptions for known IPs
  • Monitor false positives
  • Adjust per-endpoint limits

Issue: Web UI not accessible

Solutions:

  • Verify port 5000 configured correctly
  • Check API firewall rules
  • Verify credentials correct
  • Review API logs for errors
  • Test connectivity to management port
  • Check persistent volume mounted

Updating BunkerWeb

To update BunkerWeb to a newer version:

  1. Update Dockerfile with latest version tag
  2. Commit and push to GitHub
  3. Klutch.sh automatically rebuilds
  4. Review release notes for breaking changes
  5. Test security rules still effective
  6. Monitor logs after update
  7. Verify all domains protected correctly

Use Cases

Web Application Protection

  • Protect traditional web applications
  • Block SQL injection attacks
  • Prevent XSS vulnerabilities
  • Defend against CSRF attacks

API Security

  • Protect REST/GraphQL APIs
  • Rate limiting for API endpoints
  • Request validation
  • Response security headers

Microservices Defense

  • Protect microservices architecture
  • Service-to-service security
  • Container orchestration integration
  • Distributed threat detection

Multi-tenant Applications

  • Isolate tenant traffic
  • Per-tenant security policies
  • Custom rules per tenant
  • Audit trail separation

DDoS Mitigation

  • Rate limiting protection
  • Connection state management
  • Bad behavior detection
  • Geographic filtering

Additional Resources

Conclusion

Deploying BunkerWeb on Klutch.sh provides you with a powerful, flexible, and comprehensive Web Application Firewall that protects your web services against modern cyber threats. With integrated ModSecurity WAF with OWASP Core Rule Set, automatic SSL/TLS certificate management, bot protection with multiple challenge types, DDoS mitigation, custom Lua rules, multisite virtual hosting, detailed security logging, and professional web UI management, BunkerWeb enables you to implement “security by default” for your web applications, APIs, and services. Klutch.sh’s managed infrastructure ensures your security gateway is always available, performant, and synchronized across deployments, allowing you to focus on building applications while BunkerWeb protects them.

Start protecting your web applications today by deploying BunkerWeb on Klutch.sh and experience enterprise-grade security with open-source transparency and control.