A developer has unveiled Shibuya, a next-generation Web Application Firewall built entirely in Rust that combines eBPF kernel filtering with machine learning for unprecedented performance and protection. Unlike traditional WAFs that rely on regex signatures, Shibuya integrates a multi-layer pipeline with rate limiting, bot detection, and threat intelligence capabilities.

The project stands out with its eBPF/XDP kernel-level blocking that drops malicious packets before they reach userspace, achieving sub-microsecond latency. It features dual ML engines running in parallel - an IsolationForest for anomaly detection and a Random Forest classifier for identifying specific attack classes like SQL injection, XSS, and remote code execution. The system includes 615+ OWASP Core Rule Set rules and supports OpenAPI 3.x schema validation for API protection.

Shibuya ships with Ashigaru Lab, a Docker-based vulnerable environment containing six deliberately compromised services for testing against real-world attacks. The dashboard built with SvelteKit offers real-time monitoring, panic mode hardening, and visual YAML configuration editing. With WASM plugin extensibility, shadow mode testing, and enterprise features like multi-tenancy and federated learning - all at zero cost - Shibuya represents a significant advancement in open-source WAF technology that could challenge commercial solutions.