
Karna
A Kong-native WAF that blocks attacks, sanitizes false positives, and understands AI agent traffic.
Tagline
Kong-native WAF for real traffic
Built for Kong. Not bolted on from Apache.
CRS coverage without CRS misery.
Stop blocking agents like they’re bots.
The Kong-native WAF built for the OpenResty era, not a retrofitted Apache port.
This is Karna's cleanest category-defining story because the page repeatedly contrasts native Lua/Kong behavior against ModSecurity's Apache assumptions, and the install path is clearly a Kong plugin rather than a sidecar appliance.
The practical alternative to ModSecurity for teams who want CRS coverage without CRS misery.
The page leans hard on 2-4x throughput gains, OWASP CRS 4.x compatibility, and in-repo CRS-fix controls that reduce false positives. That makes the alternative story highly credible for teams already familiar with ModSecurity pain.
A false-positive-killing WAF for businesses that cannot afford to block real customer inputs.
The `fix_matched_parts` behavior is the sharpest pain-killer feature on the page. It is especially compelling for signup, checkout, and account flows where security teams fear blocking valid names, addresses, and free-form text.
Primary user
Platform security engineer running Kong Gateway for an API or AI gateway
ICP #1
Platform security engineer at a mid-market SaaS company standardizing on Kong Gateway
Pain
They are stuck between ModSecurity false positives and the operational pain of Apache-era WAF tooling that does not map cleanly to Kong services, routes, or consumers.
Why this solves
Karna is built as a native Kong plugin with per-service controls, JSON audit logs, and detection-only shadow mode, so they can tune without rebuilding the gateway or reverse-engineering line-based logs.
ICP #2
DevSecOps lead protecting an AI product team shipping MCP-based agents
Pain
Their current WAF treats JSON-RPC and SSE streams like opaque request bodies, so agent traffic either slips through uninspected or gets blocked in weird ways.
Why this solves
Karna explicitly parses JSON-RPC envelopes, evaluates SSE responses per event, and exposes MCP-specific variables and allow-lists, which makes agent traffic inspectable instead of special-cased.
ICP #3
Security engineer at an ecommerce or marketplace platform losing conversions to false positives
Pain
Legitimate inputs like names, addresses, or free-form form fields trigger SQLi heuristics and create broken signups, support tickets, and manual exceptions.
Why this solves
Karna’s `fix_matched_parts` action can sanitize the dangerous characters and keep the request flowing, turning a hard 403 into a recoverable, logged event.
Strengths
- The positioning is unusually crisp: it clearly attacks ModSecurity's Apache-era assumptions, which makes the product feel purpose-built instead of generic.
- The feature depth is real and specific, especially around MCP awareness, JSON audit log v2, Redis counters, and per-service rule control.
- The benchmark and CRS regression numbers create instant credibility for security teams who care about speed and correctness.
Weaknesses
- The page is overloaded with implementation detail before it answers the first buyer question: why should a Kong user care today?
- It speaks like an engineer's victory lap, not a purchase-driving landing page; the audience has to work to understand which problem is most urgent.
- The AI/MCP angle is interesting but buried under WAF internals, so the page risks sounding like a niche technical fork instead of a strategic category move.
- There is too much comparison to ModSecurity and not enough proof of deployment outcomes like reduced false positives, lower incident volume, or faster rollout time.
- The install section is good for engineers but weak for decision-makers; it needs a clearer path from "try it" to "approve it."
Fix these
- Lead with two distinct use cases above the fold: Kong API protection and AI agent/MCP traffic protection.
- Replace some of the architecture-heavy copy with outcome metrics such as fewer false positives, faster rule tuning, and easier Kong upgrades.
- Add a concise buyer-oriented section explaining who should choose Karna over ModSecurity, Coraza, Cloudflare WAF, or AWS WAF.
- Create a dedicated page or section for MCP/AI gateway protection with concrete examples of tools/calls, SSE streams, and allow-listing.
- Show a real before/after workflow for a security engineer: detect-only, review JSON audit logs, enable sanitization, then flip to blocking.
Drop-in replacement copy
Headline
Kong-native WAF for real traffic
Block attacks, cut false positives, and inspect AI agent requests without rebuilding Kong.
Protect Kong without the Apache baggage
Karna installs as a pure Lua plugin via LuaRocks, so you do not need to rebuild Kong or OpenResty. It fits the gateway you already run instead of forcing an ancient WAF model onto it.
Tune security without breaking customers
Use detection-only mode, per-service controls, and JSON audit logs to see exactly what matched before you block. When needed, `fix_matched_parts` can sanitize unsafe characters instead of hard-failing legitimate requests.
Understand AI agent traffic
Karna parses JSON-RPC envelopes, handles SSE event reassembly, and treats MCP-style traffic as a first-class protocol. That means your gateway can inspect agent traffic instead of guessing.
Keep CRS coverage and performance under control
Karna supports OWASP Core Rule Set 4.x, libinjection, Redis-backed counters, local rules, and virtual patching. It gives security teams a practical path from detection to blocking without turning operations into a mess.
FAQ
How is Karna different from ModSecurity?
Karna is built as a native Kong plugin in pure Lua, not a retrofitted Apache-style deployment. That gives you per-service policy control, cleaner logs, and a rollout model that matches how Kong is actually operated.
Does Karna replace our existing WAF?
It can, if your main pain is Kong-native protection, false positives, or AI gateway traffic. Many teams will use it as the WAF layer for Kong routes and services where classic tools are too blunt.
Can we test it without blocking traffic?
Yes. Karna supports detection-only mode so you can review matches in JSON audit logs before turning on blocking. That is usually the right first step for production rollouts.
How does Karna handle false positives?
It gives you local rules, virtual patching, per-service controls, and `fix_matched_parts` sanitization. In other words: you can tune the rule behavior instead of choosing between blind trust and broken requests.
Is it useful for AI gateways and MCP endpoints?
Yes. Karna explicitly understands JSON-RPC and SSE patterns used by agent and MCP traffic, so you can inspect the protocol instead of treating it like an opaque payload.
Kong users still ship Apache-era WAFs. Karna is a Kong-native WAF plugin that blocks attacks, cuts false positives, and understands MCP / JSON-RPC / SSE traffic. No rebuilds. No ModSecurity baggage. Just Lua, CRS 4.x, and control per service.
Most WAFs break AI agent traffic. Karna parses JSON-RPC envelopes, reassembles SSE events, and applies WAF rules to the actual message flow. If your gateway handles APIs and agents, treating them like raw text is how you miss attacks.
I got tired of false positives turning into support tickets. So we built `fix_matched_parts`: instead of hard-blocking good requests with risky characters, Karna can sanitize the matched parts and keep the request moving. Security without breaking checkout.
We refused to rebuild Kong for this. Karna installs as a pure Lua plugin via LuaRocks. No OpenResty patching. No sidecar drama. No Apache assumptions. If you run Kong, this should feel native because it is.
403s on valid names cost money. Free-form fields, addresses, and customer notes trip classic WAF rules all the time. Karna gives you per-service control, detection-only mode, and sanitization so you can tune before you block real users.
Your WAF ignores MCP streams. That means JSON-RPC and SSE traffic from AI agents gets inspected like random text or not inspected at all. Karna makes MCP traffic first-class so you can protect AI gateways without guessing.
Here is the cleanest WAF flow: detect-only -> review JSON audit logs -> enable `fix_matched_parts` -> flip to blocking. That is how security teams actually roll this out when they do not want surprise outages.
One plugin. Three jobs. 1) Block attacks with CRS 4.x + libinjection. 2) Reduce false positives with sanitization. 3) Inspect AI agent traffic with MCP-aware parsing. That is the stack Karna was built for.
Security teams want fewer exceptions. That is why Karna ships JSON audit logs, per-service rule control, and local rules for virtual patching. You can prove what happened, tune fast, and stop living in exception spreadsheets.
The best WAF is the one your team can actually run. Karna is source-available, Kong-native, and built for teams who want CRS coverage without Apache-era pain. If you already standardize on Kong, this removes a lot of friction.
Angle: Kong-native WAF for platform security teams
If you run Kong Gateway, your WAF should feel native. Most WAF deployments still carry Apache-era assumptions: line-based logs, awkward tuning, rebuild-heavy installs, and rules that do not map cleanly to services or routes. That is the problem Karna is built for.

Karna is a Kong-native WAF plugin that installs via LuaRocks, supports OWASP CRS 4.x, uses libinjection for SQLi/XSS detection, and gives you per-service policy control. The practical part matters more than the architecture:

- detection-only mode before blocking
- JSON audit logs for review and triage
- Redis-backed counters
- local rules and virtual patching
- sanitization for matched parts instead of hard failing every request

For platform security teams, the goal is not "more WAF." It is fewer false positives, faster tuning, and a gateway team that does not hate security reviews. If you run Kong and have ever had to explain a weird false positive to support, this is for you.
Angle: AI gateway / MCP traffic protection
AI traffic is already breaking a lot of security stacks. JSON-RPC envelopes, SSE streams, and MCP-style requests do not behave like old-school web forms. A classic WAF often sees them as opaque text, which leads to two bad outcomes:

1. It misses things it should inspect.
2. It blocks things it should understand.

Karna was built to handle that gap. It parses MCP-aware traffic, validates JSON-RPC envelopes, reassembles SSE events, and applies policy to the actual request shape instead of treating everything like a POST body from 2014. That matters if you are shipping AI gateways, agent runtimes, or internal model APIs.

The interesting part is not "AI security" as a buzzword. It is being able to inspect and control real traffic without breaking the product team's release cadence. If your gateway sits between apps and agents, you need rules that understand the protocol, not just the payload.
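Here is what per-event inspection of an SSE stream carrying JSON-RPC looks like in practice, as an added example in Python. It is not Karna's code and does not use its Lua plugin API or its MCP variables; the chunked sample stream, the `ALLOWED_TOOLS` allow-list and the function names are constructed for the illustration.

```python
"""SSE reassembly and per-event JSON-RPC inspection (added example).

A constructed illustration of the per-event inspection model described in
the text. It is not Karna's code and uses none of Karna's variables or
config keys; the tool allow-list and the sample stream are made up here.
"""
import json
from typing import Dict, Iterable, Iterator, List, Optional

# Constructed sample: an MCP-style SSE response split into arbitrary chunks,
# the way a gateway's body filter sees it (one call per chunk, not per event).
SAMPLE_CHUNKS = [
    b'event: message\ndata: {"jsonrpc":"2.0","id":1,"method":"tools/call",',
    b'"params":{"name":"read_file","arguments":{"path":"/etc/hostname"}}}\n\n',
    b': keep-alive\n\n',
    b'data: {"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"shell_exec",',
    b'"arguments":{"cmd":"cat /etc/passwd"}}}\n\ndata: {"jsonrpc":"1.0","id":3}\n\n',
    b'data: not json\n\n',
]

# Hypothetical allow-list of MCP tool names a given service may invoke.
ALLOWED_TOOLS = {"read_file", "list_dir"}


def sse_events(chunks: Iterable[bytes]) -> Iterator[Dict[str, str]]:
    """Reassemble SSE events from a chunked byte stream.

    An event ends at a blank line. Multiple ``data:`` lines in one event are
    joined with newlines (as the SSE spec requires); ``:`` comment lines such
    as keep-alives are dropped; events with no data are not yielded.
    """
    buf = b""
    for chunk in chunks:
        buf += chunk
        while b"\n\n" in buf:
            raw, buf = buf.split(b"\n\n", 1)
            event_type, data_lines = "message", []
            for line in raw.decode("utf-8", "replace").split("\n"):
                if not line or line.startswith(":"):
                    continue
                name, _, value = line.partition(":")
                value = value[1:] if value.startswith(" ") else value
                if name == "data":
                    data_lines.append(value)
                elif name == "event":
                    event_type = value
            if data_lines:
                yield {"event": event_type, "data": "\n".join(data_lines)}


def validate_envelope(msg: Dict) -> Optional[str]:
    """Return a reason if ``msg`` is not a well-formed JSON-RPC 2.0 message."""
    if msg.get("jsonrpc") != "2.0":
        return "jsonrpc version must be 2.0"
    is_request = "method" in msg
    is_response = "result" in msg or "error" in msg
    if is_request == is_response:
        return "message must be exactly one of request/notification or response"
    if is_request and not isinstance(msg["method"], str):
        return "method must be a string"
    if "params" in msg and not isinstance(msg["params"], (dict, list)):
        return "params must be an object or array"
    return None


def inspect_stream(chunks: Iterable[bytes], allowed_tools=ALLOWED_TOOLS) -> List[Dict]:
    """Give each event its own verdict instead of judging the whole body once."""
    verdicts = []
    for ev in sse_events(chunks):
        try:
            msg = json.loads(ev["data"])
        except ValueError:
            verdicts.append({"id": None, "verdict": "block", "reason": "data is not JSON"})
            continue
        if not isinstance(msg, dict):
            verdicts.append({"id": None, "verdict": "block", "reason": "envelope is not an object"})
            continue
        reason = validate_envelope(msg)
        if reason is None and msg.get("method") == "tools/call":
            params = msg.get("params")
            tool = params.get("name") if isinstance(params, dict) else None
            if tool not in allowed_tools:
                reason = f"tool {tool!r} not in allow-list"
        verdicts.append({"id": msg.get("id"),
                         "verdict": "block" if reason else "allow",
                         "reason": reason})
    return verdicts


if __name__ == "__main__":
    for v in inspect_stream(SAMPLE_CHUNKS):
        print(json.dumps(v))
```

The buffering loop is the part that matters in a gateway: Kong's `body_filter` handler runs once per chunk, so a plugin that judges each chunk as it arrives will split events or miss them entirely. Holding partial data until the blank-line delimiter lands is what makes per-event policy possible; the envelope check then rejects anything that is not JSON-RPC 2.0 before the tool allow-list is consulted, so a malformed message never reaches the allow-list logic with missing fields.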
Angle: False-positive reduction and operational rollout
False positives are not a small annoyance. They are broken signups, failed checkouts, support tickets, and security exceptions that never get cleaned up. That is why I like the `fix_matched_parts` approach in Karna. Instead of forcing every suspicious request into a hard 403, Karna can sanitize the dangerous characters, log the match, and let the request continue. For the right workloads, that is a much better trade than blocking real customers.

Sanitization still rewrites user data before it reaches the upstream, so scope it to the services where an altered value is safer than a block, and review the audit log for what was changed rather than assuming a sanitized request was harmless.

The rollout path is also sane: start in detection-only mode, inspect JSON audit logs, tune per service, then decide where blocking belongs. That is how teams actually ship WAF policy without creating a fire drill.

If you are responsible for login, signup, checkout, or any free-form input flow, the question is not whether you need WAF protection. It is whether your WAF can protect you without turning into a conversion tax.
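To make the detect / sanitize / block choice concrete, here is an added example in Python showing the three outcomes over one constructed checkout form. This is a generic sketch, not Karna's implementation of `fix_matched_parts`; the `SQL_META` rule, the `SERVICE_MODES` table, `apply_policy` and the audit record shape are all assumptions made for the illustration.

```python
"""Detect-only, sanitize, or block over form fields (added example).

A generic sketch of the sanitize-instead-of-block idea described in the
text. It is not Karna's code: the rule, the per-service mode table, the
function names and the audit record shape are all constructed here.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed toy rule: SQL comment/terminator tokens and UNION SELECT.
# Real rule sets (CRS, libinjection) are far richer; this only shows the flow.
SQL_META = re.compile(r"(--|;|/\*|\*/|\bunion\s+select\b)", re.IGNORECASE)

# Hypothetical per-service policy; services not listed run detect-only,
# which is the safe first step of the rollout the text describes.
SERVICE_MODES = {"checkout": "sanitize", "admin-api": "block"}

# Constructed checkout form. The address is a legitimate value that trips
# the rule (a classic false positive); the note is a real injection attempt.
SAMPLE_FORM = {
    "name": "Tomás O'Brien",
    "address": "12 Main St; Apt 4B",
    "note": "leave at door' UNION SELECT card FROM payments --",
}


def find_matches(form: Dict[str, str]) -> List[Dict]:
    """Record every matched part with its field and offset for the audit log."""
    matches = []
    for field, value in form.items():
        for m in SQL_META.finditer(value):
            matches.append({"field": field, "part": m.group(0), "offset": m.start()})
    return matches


def apply_policy(form: Dict[str, str], service: str) -> Tuple[int, Optional[Dict[str, str]], Dict]:
    """Return (status, forwarded form or None, audit record) for one request.

    detect:   forward unchanged, log the matches.
    sanitize: strip the matched parts, forward the rest, log what changed.
    block:    refuse with 403 and log.
    """
    mode = SERVICE_MODES.get(service, "detect")
    matches = find_matches(form)
    audit = {"service": service, "mode": mode, "matches": matches, "action": "pass"}
    if not matches:
        return 200, dict(form), audit
    if mode == "block":
        audit["action"] = "blocked"
        return 403, None, audit
    if mode == "sanitize":
        cleaned = {f: SQL_META.sub("", v) for f, v in form.items()}
        audit["action"] = "sanitized"
        audit["changed_fields"] = sorted(f for f in form if cleaned[f] != form[f])
        return 200, cleaned, audit
    audit["action"] = "logged"
    return 200, dict(form), audit


def audit_line(audit: Dict) -> str:
    """One JSON object per line: the shape that is easy to grep and aggregate."""
    return json.dumps(audit, ensure_ascii=False, sort_keys=True)


if __name__ == "__main__":
    for service in ("unknown-service", "checkout", "admin-api"):
        status, forwarded, audit = apply_policy(SAMPLE_FORM, service)
        print(status, forwarded)
        print(audit_line(audit))
```

Note what sanitization does and does not do here: the address keeps its meaning with the semicolon dropped, `Tomás O'Brien` passes because the toy rule does not key on a lone apostrophe (many generic SQLi heuristics do, which is exactly where signup false positives come from), and the injection in `note` is defanged while the audit record still shows the original matched parts. That record is what to review before a service is moved from sanitize to block.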
Tagline
Kong-native WAF for APIs and agents
Description
Karna is a Kong-native WAF plugin that blocks attacks, reduces false positives, and understands MCP / JSON-RPC / SSE traffic. Install it with LuaRocks, tune per service, and stop treating AI agents like broken web forms.
Maker's first comment
I built Karna because I kept seeing the same pattern: teams would standardize on Kong, then bolt on a WAF that still behaved like it lived in Apache-land. That meant rebuild pain, awkward logging, and rules that didn’t map cleanly to services, routes, or real traffic patterns. The second problem was false positives. A lot of legitimate requests — especially free-form user input — get punished by generic SQLi/XSS heuristics. That is tolerable until it starts breaking signup, checkout, and support workflows. Then AI traffic showed up and made everything worse. JSON-RPC, SSE, and MCP-style requests are not random blobs, but a lot of security tooling still treats them that way. Karna is my attempt to make WAF behavior fit the gateway people actually run today: Kong-native, inspectable, tunable, and less stupid about valid traffic.
Pinned maker comment
I’d love feedback on two things: whether the Kong-native positioning is the right wedge, and whether the MCP / AI traffic angle is clear enough to matter to buyers.
Meta
Stop blocking valid checkout traffic
Hypothesis: platform security engineers running Kong are losing conversions to WAF false positives. Karna is a Kong-native WAF plugin that can sanitize matched parts, inspect requests per service, and reduce bad blocks without rebuilding your gateway.
Google Search
Kong WAF plugin for API security
Hypothesis: teams searching for ModSecurity alternatives on Kong want CRS coverage without Apache-era operations. Karna installs as a Lua plugin, supports CRS 4.x, and adds detection-only, blocking, and JSON audit logs for fast tuning.
Reddit Promoted
Your WAF is probably blind to MCP
Hypothesis: DevSecOps and AI platform engineers need a WAF that understands JSON-RPC and SSE, not just forms and headers. Karna inspects MCP-style traffic natively in Kong, so you can protect agent endpoints without guessing.
Subreddits
r/SideProject
Build-in-public launch post about replacing Apache-era WAF assumptions in Kong and what you learned shipping an AI-aware plugin
Rules: No pure promo; share the problem, architecture decisions, and what surprised you. Keep it educational and concise.
r/indiehackers
How you found a narrow but painful ICP: Kong users dealing with false positives and AI gateway traffic
Rules: Be transparent, include lessons, and avoid spammy product-first framing.
r/microsaas
A niche infrastructure product that solves a real operational headache for a very specific buyer
Rules: Share product-market fit thinking, pricing, and distribution lessons; avoid generic launch hype.
r/devops
Technical discussion on WAF tuning, Kong-native plugins, and why detection-only mode matters before blocking
Rules: Must be genuinely technical and framed as a discussion or case study, not an ad.
r/EntrepreneurRideAlong
Journey of building a source-available security plugin and the customer pain that justified it
Rules: Story-first. Include process, mistakes, and progress. No drive-by links without context.
Communities
Post a real build log, then reply thoughtfully to every comment with specifics about Kong, CRS tuning, and distribution.
Share implementation notes and ask for feedback from Kong users on plugin ergonomics, logs, and rule control.
Join the appsec channels and ask protocol-level questions about false positives, CRS tuning, and WAF behavior without pitching.
Cold outreach template
Hey {firstName} — saw you’re working on {context}. We built Karna because Kong users kept getting stuck between ModSecurity false positives and awkward AI/MCP traffic handling. If you’re open, I’d love to show you the 2-minute rollout flow and get your take.
Product Hunt timing
Launch on Tuesday at 9:00 AM US Pacific time. That hits the US morning and gives you the full weekday for replies. Europe is at the end of its workday at that hour, so expect European engagement to trail into the following morning; the ICP is technical and more likely to engage during working hours than on a weekend.
Indie Hackers post ideas
1. Why I built a Kong-native WAF instead of another ModSecurity wrapper
2. What false positives actually cost on signup and checkout flows
3. How we made JSON-RPC, SSE, and MCP traffic first-class in a WAF
Competitor alternatives
Current tone of voice
Technical, opinionated, and mildly combative toward legacy WAFs; for example, it says "Built for Kong. Not bolted on from Apache." and "throws out the baggage."
