is an open source project, aimed to creating a modern Web Application Firewall in the open. We believe that security is something that should be easy to adopt, be it by big corporations with a dedicated security team, be it by one-person web shops.


The proxy and filters are able to work without a server, based on the last good known information.

Once the server is available again, the proxies and filters resumes the communication. This means that your site or service is always available and protected, no matter what.


Architected in a way that has, from day 1, support for multiple instances of the proxy, filter and server.

This means that can be used in highly available scenarios, able to scale the parts that needs scaling for your specific scenario.

Open Source

We believe this is the only reasonable way a security product can be trusted.

Being open source means that anyone can use it for free, anyone can inspect and audit it, and anyone can contribute new features and bug fixes.

is split into several modules, each with its own capabilities.


You choose how to use Qaclana: at or behind your SSL termination point, all-in-one or with each component on its own box, on containers or bare metals, ...

Protects your backend

compares the source of the request against common attack databases, blocking it before it even reaches your backend. It also learns how your website behaves, protecting it from data leaks.

Intuitive dashboard

Get an insight into what's going on in security terms on your website. Get to know how many attack attempts there are, in real time. Enable, disable or switch working modes for your whole farm with a single click.


A few milliseconds is all needs to decide whether or not to block a request and keep your site or service secure. Generally, is done in under 50ms.

Come help us with the v1

We are still building our first version of .

Come help us