Introducing the teler WAF Caddy module

Hi folks,

I’m excited to announce the release of the teler WAF Caddy module, which is designed to effortlessly enhance web security within your Caddy server environment.

GitHub - teler-sh/teler-caddy: teler Caddy integrates the powerful security features of teler WAF into the Caddy web server, ensuring your web servers remain secure and resilient against web-based attacks.

What is teler WAF?

teler-waf is a Go HTTP middleware that protects local web services from OWASP Top 10 threats, known vulnerabilities, malicious actors, botnets, unwanted crawlers, and brute force attacks.

The package comes with a standard net/http.Handler, making it easy to integrate into your application’s routing, and it’s highly configurable—allowing you to tailor it to fit the specific needs of your application. [Since teler-waf v1.5.0], it also provides CaddyHandler & CaddyHandlerFuncWithNext to seamlessly integrate with the Caddy web server.

teler Caddy

With this module, integrating advanced security measures into your Caddy server setup is straightforward. Whether you’re managing a single site or multiple endpoints, you can configure and deploy teler WAF effortlessly to enhance protection without compromising performance.

Key Features:

  • Customizable Protection: Fine-tune security policies using JSON or YAML configurations.
  • Real-time Threat Detection: Immediate alerts for OWASP Top 10 threats like SQL injection.
  • Efficient Performance: Minimal overhead ensures your servers run smoothly.


This module allows for fine-tuning and customization through two subdirectives: load_from and inline. These subdirectives enable you to set various options to tailor the behavior of the teler WAF to meet your specific security needs.

For detailed instructions and examples on configuring the teler WAF Caddy module, refer to the Configuration section of the documentation.


Please share your experience, suggestions, or report any issues on our GitHub repository. Your input helps us improve and enhance our security solutions to better meet your needs. Thanks!!

1 Like

Also, I need guidance on how to publish the module’s documentation and get it listed on the download page. :smiley:

Ah, to do that you go to the Account link and create/login to your account, then click “Claim Package” :slight_smile:

Before doing so, ensure your go.mod is correct and that you have godoc comments in your code.


Those protection layers are good, but in real world has many false possible . Where/how easy turn on/off those FP rules? @dw1


1 Like

@lb2023 - you can use the Excludes option (which will be deprecated in v2[?]) to disable specific threat detectors. Alternatively, you can create custom Whitelists rules using DSL expressions. For detailed configuration options, refer to the Options type on the godoc page.

@matt - thanks for the help, Matt. However, I’m still having problems even after following your instructions :frowning: - My package has an error showing on the download page.