hoangtuvungcao

hoangtuvungcao / mango-waf

Public

🥭 Mango Shield Apex: High-performance L7 DDoS Protection & WAF with Real-time DStat Dashboard

firewall.vutrungocrong.fun anti-ddos-layer ddos-protection golang waf
89
27
100% credibility
Found Mar 09, 2026 at 84 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

Mango Shield is a self-hosted system that protects websites from Layer 7 DDoS attacks and web vulnerabilities using multi-layered defenses like traffic analysis, challenges, and smart caching.

How It Works

1
🛡️ Discover Mango Shield

You hear about a simple protector that keeps websites safe from floods of bad traffic without needing experts.

2
📥 Get it on your server

Download the ready-to-go protector and start it on your web server with easy steps.

3
🔗 Link your websites

Tell it which websites to guard by listing them, and it starts watching all incoming visitors.

4
⚙️ Choose protection strength

Pick a smooth mode that lets real people through fast but challenges suspicious ones.

5
📊 Watch the dashboard

Open the live view to see traffic flowing, threats blocked, and alerts if needed.

Site stays safe and fast

Your websites handle huge visitor rushes smoothly while bad actors get stopped cold.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 84 to 89 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is mango-waf?

Mango-waf is a self-hosted L7 DDoS shield and WAF built in Go that sits in front of your web backends, filtering attacks across multiple domains with load-balanced upstreams. It handles HTTP/HTTPS, WebSockets, and IP-transparent setups, delivering seamless access for legit users via TLS fingerprinting, JS proofs, and OWASP rules while dropping bots early. Real-time dashboard on port 9090 shows RPS, blocks, and cluster status, with Telegram alerts and CLI tools for management.

Why is it gaining traction?

It packs enterprise-grade defense—eBPF acceleration for 10M RPS drops, P2P gossip clustering across VPS without Redis, and adaptive challenges that skip CAPTCHAs for browsers—into a single binary with Docker Compose. Unlike cloud WAFs, it's zero-cost, fully configurable via YAML, and scales via round-robin backends, standing out from github mango live scripts or mango testnet toys with production clustering like mango shield scale.

Who should use this?

VPS owners shielding e-commerce sites or APIs from floods, DevOps teams proxying multiple customer domains without vendor lock-in, and indie hackers dodging SQLi/XSS on low-spec servers. Ideal if you're running nginx backends and want WAF + DDoS mit without Cloudflare proxies.

Verdict

Grab it for POC if facing L7 threats—solid docs, systemd/Docker integration, and MIT license make setup fast despite 83 stars and 1.0% credibility score. Early maturity means watch for edge cases in production; test on staging first.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.