
Hacker News · Feb 23, 2026 · Collected from RSS
Hi HN, I’ve been working on Shibuya, a next-generation Web Application Firewall (WAF) built from the ground up in Rust. I wanted to build a WAF that didn't just rely on legacy regex signatures but could understand intent and perform at line-rate using modern kernel features.

What makes Shibuya different:

- Multi-Layer Pipeline: It integrates a high-performance proxy (built on Pingora) with rate limiting, bot detection, and threat intelligence.
- eBPF Kernel Filtering: For volumetric attacks, Shibuya can drop malicious packets at the kernel level using XDP before they consume userspace resources.
- Dual ML Engine: It uses an ONNX-based engine for anomaly detection and a Random Forest classifier to identify specific attack classes like SQLi, XSS, and RCE.
- API & GraphQL Protection: Includes deep inspection for GraphQL (depth and complexity analysis) and OpenAPI schema validation.
- WASM Extensibility: You can write and hot-load custom security logic using WebAssembly plugins.
- Ashigaru Lab: The project includes a deliberately vulnerable lab environment with 6 different services and a "Red Team Bot" to test the WAF against 100+ simulated payloads.
- The Dashboard: The dashboard is built with SvelteKit and offers real-time monitoring (ECharts), a "Panic Mode" for instant hardening, and a visual editor for the YAML configuration.

I'm looking for feedback on the architecture and the performance of the Rust-eBPF integration.

Comments URL: https://news.ycombinator.com/item?id=47126656
Points: 6 · Comments: 0
SHIBUYA
RUST · 615+ OWASP RULES · ML + eBPF · WASM · 36-PAGE DASHBOARD

PROTECT.SHIBUYA. The most advanced open-source WAF ever built. ML anomaly detection. eBPF kernel blocking. 615+ OWASP rules. The WAF that makes Cloudflare nervous.

Headline numbers: <5ms P99 latency · 1µs eBPF block · 615+ CRS rules · 36 dashboard pages

// killer features — what makes shibuya unstoppable
The features no other WAF dares to ship. 9 weapons in one stack. Each module is a game-changer. Together, they're an impenetrable fortress built in Rust.

01 ⚡ Kernel Power · Linux Only: eBPF / XDP Kernel-Level Blocking
Shibuya drops an XDP hook directly in the Linux kernel. Packets from known-malicious IPs get killed before they ever reach your application or even the WAF itself. IP blacklists stored in eBPF maps for O(1) lookup on millions of IPs. SYN flood protection included. Toggle on/off at runtime via Admin API — no restart needed.
Tags: XDP hook · eBPF maps · SYN flood · O(1) lookup · runtime toggle
⚡ Blocking latency: ~1 microsecond — faster than any userspace WAF possible

02 🧠 AI Security · Explainable: Dual ML Engine with SHAP Explainability
Two independent ML models run in parallel: an IsolationForest (via ONNX runtime) detects anomalies, and a Random Forest classifies attacks across 10 classes: SQLi, XSS, RCE, SSRF, XXE, SSTI, NoSQLi, Path Traversal, Command Injection, Benign. SHAP-like explainability shows exactly which top-5 features triggered the alert. Human-in-the-loop feedback loop. A/B model testing. Data drift detection.
Tags: IsolationForest · Random Forest · ONNX runtime · SHAP explain · A/B testing · drift detection
🧠 ML inference <5ms · 10 attack classes · full confidence scoring

03 🛡️ OWASP Standard · ModSec Compatible: 615+ CRS Rules — Full ModSecurity-Compatible Engine
Native SecRule parser with the full OWASP Core Rule Set — the enterprise-standard ruleset used worldwide. Every operator: @rx @pm @detectSQLi @detectXSS @ipMatch @validateByteRange. Anomaly scoring with 4 paranoia levels. ReDoS protection built-in. Rules hot-reload without downtime. Custom rule creation via Admin API or CLI.
Tags: 942xxx SQLi · 941xxx XSS · 932xxx RCE · 930xxx LFI · 920xxx Protocol · ReDoS guard · hot-reload
🛡️ 615 rule files · 4 paranoia levels · hot-reload in production

04 🧩 Extensibility · Any Language: WASM Plugin System — Extend in Any Language
Extend Shibuya with WebAssembly plugins written in any language — Rust, Go, C, AssemblyScript, anything that compiles to WASM. Each plugin runs in a fully sandboxed environment with configurable memory limits, execution time caps, and fuel budgets. A host API lets plugins inspect and modify requests in real-time. No other open-source WAF has this.
Tags: any language · sandboxed · memory limits · time limits · fuel budget · host API
🧩 Any language → WASM → instant Shibuya plugin, zero core changes

05 🎭 Zero-Risk · Test in Prod: Shadow Mode + Traffic Replay Engine
Deploy new rules to production without any risk. Shadow mode logs what would have been blocked — without blocking anything. Configurable per-route, per-percentage (0–100%). Request replay engine captures real traffic to PostgreSQL and replays it against new policy versions, generating a full diff report: "old policy vs new policy" — with zero production impact.
Tags: per-route shadow · 0–100% capture · PostgreSQL store · replay engine · diff reports
🎭 Test policy changes on real traffic — zero risk, full insight

06 📐 API-First · Schema-Driven: Native GraphQL + OpenAPI Protection
Import your OpenAPI 3.x spec and Shibuya auto-generates positive security rules — only documented endpoints, methods, and schemas are allowed. GraphQL gets: depth analysis, complexity scoring, alias count validation, batch size limits, and introspection blocking. JWT validation and OAuth 2.0 for API auth. Response validation to catch data leakage on the way out.
Tags: OpenAPI 3.x · positive security · GraphQL depth · complexity limit · JWT/OAuth · response validation
📐 Import spec → instant API protection with zero rules written manually

07 🔥 Included · Unique in the Market: Ashigaru Lab — A Complete Vulnerable Attack Environment, Shipped With Shibuya
No other WAF on the market ships with a built-in attack lab. Ashigaru is a full Docker-based environment with 6 deliberately vulnerable services — real exploitable vulnerabilities — so you can validate the WAF against actual attacks, not synthetic benchmarks. A Red Team Bot automates attacks. The War Room provides a full test suite dashboard. Test everything before you go live.
Tags: Express REST (5 vulns) · React SSR (XSS+RCE) · Flask AI (Prompt Injection) · Apollo GraphQL · PHP Legacy (SQLi+LFI) · Red Team Bot
🔥 Real vulnerabilities · Real attacks · Real WAF validation — included, free

ASHIGARU — 6 VULNERABLE SERVICES
- Express Gateway (REST API): SQLi × 5
- React Frontend (SSR attacks): XSS + RCE
- Flask AI Search (LLM bypass): Prompt Injection
- Apollo Engine (Depth + batch): GraphQL Attacks
- PHP Legacy (Classic vulns): SQLi + LFI
- 🤖 Red Team Bot (Auto): Full attack suite

08 🏢 Enterprise Grade · $0 Cost: Multi-Tenancy + RBAC + LDAP + Federated Learning
Built for teams and enterprises at zero cost. Full multi-tenancy with tenant isolation, RBAC for role-based dashboard access, LDAP integration for enterprise SSO, OAuth 2.0. Federated Learning module shares threat intelligence across WAF nodes.
Post-Quantum Cryptography for future-proof TLS. Hardware attestation via TPM. Dynamic SBOM for supply chain monitoring.
Tags: multi-tenancy · RBAC · LDAP/SSO · federated learning · post-quantum TLS · TPM attestation · SBOM
🏢 Enterprise features that competitors charge thousands/month for — free

09 🤖 Next-Gen · No SecRule Needed: NLP Policies + AI Virtual Patching in 30 Seconds
Write security policies in plain English with the NLP policy engine — no SecRule syntax required. The AI Virtual Patching module automatically generates WAF rules from CVEs. Integrates with Burp Suite, nuclei, and ZAP — when a scanner finds a vulnerability, Shibuya blocks it in 30 seconds, without touching a single line of application code. Promote to permanent rule with one click.
Tags: NLP policies · AI patching · Burp Suite · nuclei/ZAP · CVE-to-block · one-click promote
🤖 Scanner finds CVE → WAF blocks in 30 seconds, zero code changes

// performance & market data
Numbers don't lie. Security data from Verizon DBIR, OWASP, Akamai 2024. Performance from Shibuya load benchmarks.
- 94% OWASP Top 10 detection rate (OWASP Testing Guide 2023)
- <5ms P99 latency overhead (Shibuya benchmarks)
- 76% of web attacks target APIs (Akamai SOTI 2024)
- 43% of breaches via web apps (Verizon DBIR 2024)
[Charts: WAF Latency Overhead, P99 ms (lower is better); Attack Type Distribution, OWASP 2024; Detection Rate by Category, Shibuya vs industry average]

// competitive analysis
Shibuya vs The World. Honest. Feature by feature. We're open source, faster, and going where no WAF has gone before.
| Feature | Shibuya | Cloudflare WAF | AWS WAF | ModSecurity |
|---|---|---|---|---|
| OWASP CRS (615+ rules) | ✓ Native full | ✓ | ◐ Partial | ✓ |
| ML Anomaly Detection (ONNX) | ✓ IsolationForest | ✓ Black box | ✗ | ✗ |
| ML Explainability (SHAP) | ✓ Top 5 features | ✗ | ✗ | ✗ |
| eBPF/XDP Kernel Blocking | ✓ ~1μs | ✗ | ✗ | ✗ |
| WASM Plugin System | ✓ Full sandbox | ◐ Workers only | ✗ | ✗ |
| Shadow Mode + Replay | ✓ Built-in | ◐ Limited | ✗ | ✗ |
| OpenAPI Auto-Rules | ✓ Auto-generate | ◐ Manual | ◐ Manual | ✗ |
| GraphQL Native Protection | ✓ Depth+Complexity | ✓ | ✗ | ✗ |
| NLP Policy Engine | ✓ Plain English | ✗ | ✗ | ✗ |
| AI Virtual Patching | ✓ CVE → 30s block | ✗ | ✗ | ✗ |
| Built-in Attack Lab | ✓ Ashigaru (6 svc) | ✗ | ✗ | ✗ |
| Multi-Tenancy + RBAC | ✓ Full | ✓ Paid | ✓ Paid | ✗ |
| Post-Quantum TLS | ✓ Included | ✓ Paid tier | ✗ | ✗ |
| Federated Learning | ✓ Included | ✗ | ✗ | ✗ |
| P99 Latency Overhead | <5ms | ~10–20ms | ~15–30ms | ~8–15ms |
| Self-Hosted / Full Control | ✓ 100% | ✗ Cloud only | ✗ Cloud only | ✓ |
| Open Source | ✓ 100% Open | ✗ Proprietary | ✗ Proprietary | ✓ |
| Cost | Free / Open Source | $200+/mo | $5+/mo + traffic | Free |

// 9-layer pipeline
Built Like A Weapon. Every request passes through 9 sequential security layers. From kernel to application, nothing gets through unscathed.
🌐 HTTP IN (TLS · HTTP/1-3) → ⚡ eBPF/XDP (~1µs kernel) → 🚦 RATE LIMIT (token bucket) → 🤖 BOT DETECT (TLS fingerprint) → 🌍 THREAT INTEL (Bloom filter) → 📜 CRS ENGINE (615+ rules) → 🧠 ML LAYER (ONNX <5ms) → 📐 API/GRAPHQL (schema guard) → 🧩 WASM (sandboxed) → ✅ BACKEND (protected)

// threat coverage
Every Attack. Stopped Cold. OWASP Top 10 and beyond. ML catches what rules miss. eBPF stops what ML can't even see.
- 💉 SQL Injection: 942xxx rules · @detectSQLi · ✓ BLOCKED
- 🔮 XSS: 941xxx rules · @detectXSS · ✓ BLOCKED
- 💀 RCE: 932xxx rules · Command injection · ✓ BLOCKED
- 📂 Path Traversal: 930xxx rules · normalizePath · ✓ BLOCKED
- 🤖 Bot Traffic: TLS fingerprint · Behavioral ML · ✓ BLOCKED
- 🔭 Zero-Day: ML IsolationForest · Anomaly score · ✓ DETECTED
- 🌊 SYN Flood: eBPF/XDP kernel · ~1µs drops · ✓ MITIGATED
- 🕸️ GraphQL Abuse: Depth + complexity · Alias flood · ✓ BLOCKED
- 🔐 SSRF / XXE: ML classifier · Pattern match · ✓ BLOCKED
- 🧬 SSTI / NoSQLi: ML classification · 10 attack classes · ✓ BLOCKED

// sveltekit dashboard · 36 pages
A War Room in Your Browser. 36-page SvelteKit dashboard. Real-time ECharts.
2-second polling. Dark glassmorphism. Full WAF control from one UI.
- 📊 Real-Time Analytics: Live timeseries, attack pie charts, P99 latency heatmaps. Polls every 2 seconds via WebSocket.
- 📋 Request Inspector: Full drill-down per request: body, headers, ML score, matched rules, IP reputation, anomaly features.
- ⚙️ Rule Manager: Enable, disable, create, delete rules live. YAML config editor with syntax highlighting and live validation.
- 🧠 ML Monitor: Neural engine dashboard: threshold slider, pending human reviews, feedback for retraining, drift charts, A/B results.
- ⚡ eBPF Control Panel: Enable/disable kernel filtering at runtime. Monitor XDP drops, eBPF map stats, blocked IP counts.
- 🏢 Team + Multi-Tenancy: Full tenant isolation, RBAC roles, activity feeds, audit logs with CSV/JSON export, MFA setup pages.

// technology stack
207 Rust Files. A Craft, Not a Product. 207 core Rust files. 32 CLI modules. 16 API files. 36 dashboard pages. Every line intentional.
- Rust: Core engine. Memory-safe, zero-
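The GraphQL limits listed under feature 06 (depth analysis, alias count validation, batch size limits, introspection blocking) and the GraphQL Abuse entry in the threat coverage, written out as a request check in Rust. This is an added example, not Shibuya's own code: it assumes a lightweight brace-and-colon scanner instead of a full GraphQL parser, syntactically valid queries with no `#` comments, and made-up limit values and type names.

```rust
// Added example, not Shibuya's own code: the GraphQL limits the page lists (depth,
// alias count, batch size, introspection blocking) as one request check. Assumptions:
// a light scanner instead of a full GraphQL parser; no `#` comments; names are made up.
#[derive(Debug, PartialEq)]
pub enum Verdict { Allow, Block(&'static str) }
pub struct Limits { pub max_depth: usize, pub max_aliases: usize, pub max_batch: usize, pub block_introspection: bool }
pub struct Metrics { pub depth: usize, pub aliases: usize, pub introspection: bool }
/// Scan one query for selection-set nesting depth, `alias: field` count and introspection fields.
pub fn analyze(query: &str) -> Metrics {
    let (mut depth, mut max_depth, mut parens, mut aliases) = (0usize, 0usize, 0usize, 0usize);
    let (mut in_str, mut esc, mut name_pending, mut introspection) = (false, false, false, false);
    let mut ident = String::new();
    for c in query.chars() {
        // Inside a string literal: skip it so braces and colons in the literal are not counted.
        if in_str { if esc { esc = false; } else if c == '\\' { esc = true; } else if c == '"' { in_str = false; } continue; }
        if c.is_alphanumeric() || c == '_' { ident.push(c); continue; }
        if !ident.is_empty() { // a name just ended
            if parens == 0 && (ident == "__schema" || ident == "__type") { introspection = true; }
            name_pending = true; ident.clear();
        }
        if c.is_whitespace() { continue; }
        match c {
            '"' => in_str = true,
            '(' => parens += 1,
            ')' => parens = parens.saturating_sub(1),
            '{' if parens == 0 => { depth += 1; max_depth = max_depth.max(depth); }
            '}' if parens == 0 => depth = depth.saturating_sub(1),
            // `alias: field`: a colon after a name inside a selection set, outside argument lists
            ':' if parens == 0 && depth > 0 && name_pending => aliases += 1,
            _ => {}
        }
        name_pending = false;
    }
    Metrics { depth: max_depth, aliases, introspection }
}
/// Apply the limits to a request body: a single query or a batch of queries.
pub fn inspect(limits: &Limits, batch: &[&str]) -> Verdict {
    if batch.len() > limits.max_batch { return Verdict::Block("batch size exceeded"); }
    for q in batch {
        let m = analyze(q);
        if m.depth > limits.max_depth { return Verdict::Block("query depth exceeded"); }
        if m.aliases > limits.max_aliases { return Verdict::Block("alias count exceeded"); }
        if limits.block_introspection && m.introspection { return Verdict::Block("introspection blocked"); }
    }
    Verdict::Allow
}
fn main() { // constructed sample: one allowed query and one nested too deeply
    let limits = Limits { max_depth: 5, max_aliases: 10, max_batch: 5, block_introspection: true };
    println!("{:?} {:?}", inspect(&limits, &["{ user { name } }"]), inspect(&limits, &["{ a { b { c { d { e { f } } } } } }"]));
}
```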