heatdrop.ai

The hottest AI & LLM repositories on GitHub — measured, ranked, and explained.

← all repositories
jx-sec/jxwaf

A Chinese WAF that distills LLMs into a 30% speed penalty

JXWAF runs an AI security model locally via model distillation, claiming 96.6% attack detection without calling OpenAI on every request.

1.2k stars Go Template Domain Apps
View on GitHub Homepage
jxwaf
Velocity · 7d
+0.4
★ / day
Trend
steady
star history

What it does

JXWAF is a three-part Web Application Firewall: an admin console, OpenResty-based traffic nodes, and a Go/ClickHouse logging subsystem. It inspects HTTP/HTTPS traffic, blocks what it considers malicious, and forwards the rest. Everything deploys via Docker Compose on Debian 12.

The interesting bit

The project bets on “online distillation” — shrinking a large AI model’s detection capability into a local inference engine that runs at the edge. The README claims this keeps the AI + semantic engine overhead to roughly a 30% QPS drop versus pure forwarding, with full protection still pushing 18K+ QPS on a 4C8G box. That’s the rare case where the boring part (the distillation architecture) is more notable than the marketing.

Key highlights

  • Multi-engine stack: AI model, semantic analysis, SSL fingerprint/behavior analysis, and a real-time “WebTDS” big-data threat engine
  • Performance claims: 48K HTTP QPS unprotected; ~31K with AI + semantic; ~18K with all engines; <80ms average latency at full protection
  • Detection stats: 96.6% pass rate against 477 PayloadsAllTheThings POCs across 36 categories; SQLi and XSS claimed at 100%
  • Deployment model: Self-hosted, not SaaS — you run the console, nodes, and ClickHouse log stack yourself
  • Online demo available at waf-demo.jxwaf.com (demo / 123456)

Caveats

  • Platform lock: Requires Debian 12.x; no mention of other distros or bare-metal non-Docker installs
  • Opaque AI claims: “Self-developed multi-dimensional sparse attention” and “low hallucination” are stated but not substantiated with model architecture details or reproducible benchmarks
  • Single-node test only: The performance and detection tests appear to run on one 4C8G instance; cluster behavior is asserted but not shown
  • Language barrier: Primary docs and community support are Chinese-language; English docs exist but may lag

Verdict

Worth a look if you run Chinese-facing infrastructure and want a self-hosted WAF with AI-assisted detection out of the box. Skip it if you need cross-platform flexibility, detailed model transparency, or mature English-language support channels.

heatdrop uses Google Analytics to see which pages get read — nothing else. Your call. How we handle data.