Tempesta FW is an all-in-one open-source solution for high performance web content delivery and advanced protection against DDoS and web attacks. This is a drop-in-replacement for the whole web server frontend infrastructure: an HTTPS load balancer, a web accelerator, a DDoS mitigation system, and a web application firewall (WAF).
Tempesta FW is the first and only hybrid of a Web accelerator and a multi-layer firewall. This unique architecture provides seamless integration with the Linux iptables or nftables.
Tempesta FW services up to 1.8M HTTP requests per second on the cheapest hardware, which is x3 faster than Nginx or HAProxy. Tempesta TLS is about 40-80% faster than Nginx/OpenSSL and provides up to x4 lower latency.
Watch the Tempesta FW demo in the Security Weekly show - Fast And Secure Web.
Tempesta FW is built into Linux TCP/IP stack for better and more stable performance characteristics in comparison with TCP servers on top of common Socket API or even DPDK or other kernel bypass technology.
We do our best to keep the kernel modifications as small as possible. Current patch is just about 2,700 lines.
We're in alpha state for now. The alpha is available by:
The master branch is a development (and unstable) branch for contributers and early testers only. Use release-0.6 branch or binary releases for stable versions.
Please see our Wiki for following topics: