
Infrastructure / Security

nginx-defender

An enterprise-grade web application firewall and real-time threat detection system. Monitors nginx logs, detects brute force attacks and abusive IPs using ML-based anomaly detection, and automatically blocks offenders via iptables/ufw - with zero reliance on external services. Supports multi-channel alerting (Telegram, Slack, Email, Discord), Kubernetes deployment, and a real-time web dashboard. 72 GitHub stars.

Tech stack

Go, Docker, Kubernetes, iptables/nftables

Go, Docker, Kubernetes, iptables, Security

What I learned

  • Reliable security tooling needs clear detection thresholds and alerting paths.
  • Automated blocking is powerful, but you need safeguards to avoid false positives.
  • Operational visibility (logs, dashboards, notifications) matters as much as model quality.
