AIWAF is an open source Web Application Firewall built to go beyond static regex rules and simple rate limiting, which often break down when traffic patterns change or attackers adapt. Instead of relying only on hardcoded blacklists, AIWAF adds anomaly detection for abnormal request patterns, honeypot fields with timing analysis to catch bots, dynamic keyword detection to spot suspicious payloads that don’t appear on predefined lists, and adaptive IP/keyword blocking backed by CSV or database storage.

It currently works as middleware for Django and Flask and is meant to be easy to drop into existing projects without heavy configuration. The project is still early, and I’d love feedback from the community on what would make this better, whether the next focus should be deeper ML-based detection or support for additional frameworks, and how important integrations with existing tools like fail2ban or ModSecurity would be. Project site: https://aiwaf.org/