
FlowGuard

Privacy-first traffic filtering. Block threats without sacrificing control.

Your Infrastructure, Your Control

Sophisticated Security Without the SaaS Lock-in

FlowGuard is a self-hosted reverse proxy that puts you in complete control. Your traffic never leaves your servers. The optional control panel manages configuration and displays logs — all processing happens on your infrastructure.

Self-Hosted Privacy
Your traffic stays on your servers. FlowGuard runs entirely on your infrastructure with no mandatory external dependencies. The control panel is purely for configuration management and log viewing — zero data collection, zero third-party processing.

Powerful Control Panel
While FlowGuard can be fully managed via configuration files, the optional control panel makes setup and management easier. Configure rules, view logs, and monitor performance from a user-friendly web interface. Manage rules and settings for many servers at once, and gain insight into the traffic flowing through them so you can create rules on the fly. The control panel also gives access to managed IP database updates and updated IP lists from various sources.

High-Performance Filtering
Built in Go for minimal overhead and maximum throughput. Transparent interception means no application changes are required. High-performance IP blocking and rule evaluation are optimized for low latency. Scales easily to handle large volumes of traffic.

Dynamic Rule Engine
Create sophisticated filtering rules based on path, domain, IP, ASN, geolocation, user-agent, headers, and more. Combine conditions with logical operators (AND, OR, NOT) for precise traffic control. Rules reload instantly without service interruption.

Automatic Certificate Management
Transparently inspect HTTPS traffic with automatic certificate loading and caching. Drop-in compatibility with any certificates you have deployed. Certificates refresh automatically when rotated — no manual intervention required.

IP Intelligence Integration
Native support for MaxMind and other IP databases for geolocation and ASN lookups. Automatically refresh databases on your schedule. Make security decisions based on visitor country, network, or organization.

Advanced IP Blocking
Built-in high-performance IP lists with automatic URL refresh for threat feeds. Support for both IPv4 and IPv6 in unified lists. Optional Linux ipset integration for kernel-level blocking.

Rate Limiting
Protect your services from abuse with flexible rate limiting rules. Define thresholds per IP, path, or any custom criteria. Keep legitimate users flowing while stopping or slowing automated attacks or bots.

Structured Logging
Send logs to multiple destinations simultaneously — local files, Axiom, Grafana Loki, or OpenObserve. Each log includes request details, client information, rule matches, and response data. Hot-reload logging configuration without downtime.

Hot Configuration Reload
Update rules, logging sinks, IP lists, and more without restarting the service. FlowGuard detects configuration changes and applies them instantly. Zero disruption to active connections.

Transparent Proxy Mode
Automatically intercept traffic on ports 80 and 443 using iptables. Graceful shutdown removes all iptables rules to restore normal traffic flow.

Open Source
FlowGuard proxy is open source and built for transparency. Review the code, contribute improvements, or customize it for your specific needs. No black boxes, no vendor lock-in.

Simple Deployment
Install via APT/YUM on most Linux distributions or build directly from source. The optional control panel provides a setup command that configures everything automatically. Comprehensive JSON schema for IDE autocomplete and validation.

