Introducing Nginx Proxy Guard
A modern reverse proxy management system with a powerful WAF, bot protection, GeoIP blocking, and rate limiting.
Nginx Proxy Guard is a next-generation reverse proxy management system built on Nginx. It delivers enterprise-grade security alongside an intuitive web UI, protecting your web applications through comprehensive security layers including the ModSecurity WAF, bot protection, GeoIP blocking, and rate limiting.

Why Nginx Proxy Guard?
Nginx Proxy Guard is designed to meet modern security requirements.
| Feature | Nginx Proxy Guard | Nginx Proxy Manager |
|---|---|---|
| WAF | ModSecurity v3.0.15 + OWASP CRS v4.26.0 | Limited / none |
| ForwardAuth | Authelia/Authentik/Custom SSO, reusable auth providers | None |
| Bot Protection | 80+ malicious bots, 50+ AI bots, 40+ search engine whitelist | Basic blocking only |
| GeoIP | MaxMind integration, per-country blocking/challenge | Limited |
| HTTP/3 | Full QUIC support | Mostly unsupported |
| Challenge System | reCAPTCHA v2/v3, hCaptcha, Turnstile | None / basic |
| Log Analytics | GeoIP, visualization, advanced filtering, autocomplete | Basic logs only |
| Multilingual | Full Korean/English support | English only |
| Cloud Blocking | Block cloud IPs from AWS, Azure, GCP, and more | None |
| 2FA Authentication | TOTP + backup codes | Limited |
| Load Balancing | Upstream servers, health checks, 4 distribution methods | None |
| TCP/UDP Streams | L4 stream proxy (TCP/UDP), SSL preread/termination | None |
| DDNS | Cloudflare, DuckDNS, Dynu dynamic DNS auto-update | None |
| Filter Subscriptions | Subscribe to external bot/IP block lists with auto-update | None |
| Host Cloning | One-click cloning (including security settings) | None |
| Config Rollback | Automatic rollback on nginx -t failure | None |
| Security Header Presets | One-click Strict/Moderate/Relaxed presets | None / limited |
Key Features
Proxy Management
- Multiple Domains: Attach multiple domains per host (SNI support)
- WebSocket: Full WebSocket upgrade support for real-time communication
- Host Cloning: Quickly clone all settings from an existing host to a new domain
- Docker Container Discovery: Automatically discover and select proxy targets in Docker environments
- Upstream Load Balancing: Multiple backend servers, health checks, 4 distribution methods (Round Robin / Least Conn / IP Hash / Random)
- TCP/UDP Streams: L4 stream proxy with SSL preread (passthrough) and termination support
- Custom Configuration: Directly edit location blocks and advanced Nginx settings
WAF & Security
- ModSecurity v3.0.15: Integration with the latest WAF engine
- OWASP CRS v4.26.0: Powered by the latest Core Rule Set
- Paranoia Level: Tune security strength with levels 1-4
- WAF Testing: A pattern testing interface to prevent false positives upfront
- Auto Blocking: Automatically block IPs that exceed thresholds (Fail2ban-style)
Bot Protection & Access Control
- 80+ Malicious Bot Signatures: Block SEO scrapers, content crawlers, and security scanners
- 50+ AI Bot Detection: GPTBot, ClaudeBot, Bytespider, Perplexity, and more
- 40+ Search Engine Whitelist: Allow Google, Bing, Yandex, Naver, and more
- Social Link Previews: Allow Facebook, Twitter, Discord, Slack, and Telegram bots
- Challenge Mode: Option to show a CAPTCHA instead of blocking
GeoIP Access Control
- Per-Country Block/Allow: Whitelist/blacklist modes
- Priority Allow IPs: Configure IPs that bypass regional blocking
- Challenge Mode: Request verification with a CAPTCHA instead of blocking
- Automatic Updates: Automatically refresh the MaxMind GeoIP database
Certificates & DDNS
- Let's Encrypt Automation: Auto-issue and renew certificates via HTTP-01 / DNS-01 challenges
- DNS Providers: DNS-01 challenge integration for Cloudflare, Route53, and more
- DDNS Auto-Update: Automatically update Cloudflare, DuckDNS, and Dynu dynamic DNS records
- Custom Certificates: Upload your own certificates
Filter Subscriptions
- External Block Lists: Subscribe to bot/IP block lists from external sources
- Automatic Updates: Periodically refresh subscribed filter lists
Monitoring & Analytics
- Real-Time Dashboard: 24-hour request statistics, bandwidth, and security events
- Interactive World Map: Visualize traffic based on GeoIP
- Advanced Log Analytics: Filtering, search, autocomplete, and visualization charts
- Audit Logs: History of admin activity, API token usage, and configuration changes
User Experience
- Dark Mode: Automatically detect system settings or switch manually
- Multilingual Support: Full Korean/English support with automatic browser detection
- Font Settings: Choose from Pretendard, Noto Sans KR, Inter, and more
- Responsive Design: Full support for mobile, tablet, and desktop
Tech Stack
| Category | Technology |
|---|---|
| Web Server | Nginx 1.30.2 (HTTP/3 QUIC) |
| WAF | ModSecurity v3.0.15 + OWASP CRS v4.26.0 |
| Backend | Go 1.26 (Echo v4) |
| Frontend | React 19 + TypeScript 6 + Vite 8 + TailwindCSS 4 |
| Database | TimescaleDB (PostgreSQL 17) |
| Cache | Valkey 9 (Redis-compatible) |
| GeoIP | MaxMind GeoLite2 |
| Authentication | JWT + TOTP (2FA) |