BunkerWeb is a great open-source WAF. But it requires a reverse proxy in front of every server. Defensia gives you the same protection — installed directly on your server in 60 seconds.
BunkerWeb architecture
Internet
↓ DNS change required
[BunkerWeb Reverse Proxy]
↓ All traffic routed through proxy
Your Server (nginx/apache)
Requires: DNS change, new server/container for proxy, SSL certificate migration, architecture redesign.
Defensia architecture
Internet
↓ No changes
Your Server (nginx/apache)
+ Defensia Agent (installed inside)
Monitors logs → blocks threats → reports to dashboard
Requires: one curl command. No DNS change, no proxy, no architecture change.
$ docker pull bunkerity/bunkerweb
$ # Configure docker-compose.yml with reverse proxy settings
$ # Set up SSL certificates and DNS
$ # Route all traffic through BunkerWeb container
$ # Configure ModSecurity rules and Lua plugins
$ docker compose up -d
30-60 minutes. Architecture redesign required.
$ curl -fsSL https://defensia.cloud/install.sh | sudo bash -s -- --token TOKEN
✓ WAF active (auto-detects nginx/apache)
✓ SSH brute force protection
✓ Malware scanner ready
✓ Dashboard connected
60 seconds. Zero infrastructure change.
BunkerWeb is a solid open-source WAF. But the reverse proxy model isn't for everyone.
No reverse proxy needed
BunkerWeb sits between the internet and your server. Defensia installs directly on your server — your DNS, SSL, and architecture stay exactly the same.
5x-70x cheaper
BunkerWeb Shield starts at €49/mo, Cloud at €639/mo. Defensia Pro is €9/mo per server with a free tier for 1 server.
More than just a WAF
BunkerWeb is a web firewall. Defensia is a complete security platform: WAF + SSH + malware scanner + rootkit detection + CVE management + bot detection.
60-second install
One curl command. The agent auto-detects your web server, SSH, mail, FTP, and Docker containers. No YAML configs, no container orchestration.
Works with cPanel/WHM
Native WHM sidebar addon with cPHulk integration and automatic domlog discovery. BunkerWeb has no hosting panel integration.
Framework-aware scanning
Detects Laravel, WordPress, Django, Symfony, CakePHP, CodeIgniter, Node, Rails — checks framework-specific security issues. BunkerWeb doesn't inspect your application code.
| Feature | BunkerWeb | Defensia |
|---|---|---|
| Web Application Firewall | ✓ | ✓ |
| OWASP Top 10 Protection | ✓ | ✓ |
| Bot Detection | ✓ | 70+ fingerprints |
| DDoS Protection (L7) | ✓ | Rate limiting |
| No Infrastructure Change | ✗ | ✓ |
| SSH Brute Force | ✗ | 15 patterns |
| Mail/FTP/DB Protection | ✗ | ✓ |
| Malware Scanner | ✗ | Full (signatures + YARA + heuristic) |
| Rootkit Detection | ✗ | ✓ |
| Credential Scanning | ✗ | ✓ |
| CVE Vulnerability Management | ✗ | ✓ |
| Framework Detection (10+) | ✗ | ✓ |
| cPanel/WHM Integration | ✗ | ✓ |
| Security Posture Score | ✗ | 0-100 (A-F grade) |
| Docker Monitoring | Deploys as container | Detects containers |
| Kubernetes Support | ✓ | DaemonSet + Helm |
| HTTP/2, HTTP/3, TLS 1.3 | ✓ | N/A (not a proxy) |
| Open Source | AGPLv3 | MIT |
| Price (per server) | From €49/mo | €9/mo (free tier) |
BunkerWeb Shield
€49/mo
Self-hosted + support
BunkerWeb Cloud
€639/mo
Managed SaaS
Defensia Pro
€9/mo
Per server. Free tier available.
Install Defensia on your first server in 60 seconds. Free forever for 1 server, no credit card required.
Start Free — No Infrastructure Change