Security-focused infrastructure software: hardened nginx/Angie modules, a mail-filtering stack in Go, and OWASP CRS hardening plugins — everything packaged and served as ready-to-install Debian/Ubuntu packages at deb.myguard.nl.
Package repository — deb.myguard.nl
Our APT repository ships nginx and Angie builds with HTTP/3, compile-time hardening, and a large set of dynamic modules, plus supporting packages (rspamd, dovecot, clamav, libmodsecurity, lua-resty, and more) for Debian and Ubuntu on amd64 + arm64. Install instructions, the full package index, and in-depth articles live on the site. Full directive reference for every module: modules synopsis. Bugs and requests go to the deb.myguard.nl issue tracker.
Dynamic modules, all shipped pre-built in the APT repo:
- nginx-cache-turbo-module — edge page cache: shared-memory cache, stale-while-revalidate, probabilistic single-flight refresh
- nginx-strip-filter-module — smart HTML/CSS/JS/JSON response-body minifier
- nginx-error-abuse-module — rate-limits clients that hammer your site with 404s
- nginx-autocert-module — automatic certificates via the ACME protocol
- nginx-zstd-module — Zstandard compression, fixed and maintained
- nginx-http-sentinel-module — experimental: client reputation + JA4+ fingerprinting + AI-scraper tarpit
Out-of-process attachment analysis and hash-clearinghouse clients, built for busy rspamd/SpamAssassin pipelines:
- mailstrix — the owl that finds malware hiding in your mail: recursively unwraps OLE2/OOXML, VBA, RTF, PDF, and nested archives until YARA rules can see the dangerous bits
- gozer — standalone Go binary bundling DCC/Razor/Pyzor with an HTTP backend
- gazor / gyzor / gdcc — pure-Go clients for Razor 2, Pyzor, and DCC — each a library, CLI, and daemon
- rspamd-dcc-razor-pyzor — rspamd plugin + Docker image wiring the Go clients in, with optional Redis caching
- rspamd-olefy — front-end wrapping oletools VBA-macro scanning for rspamd
- rspamd-kam-rules — SpamAssassin KAM rules transpiled to rspamd
False-positive exclusions plus opt-in positive-security allowlists for apps behind OWASP CRS 4.x:
- wordpress-hardening-plugin — harden WordPress behind CRS
- vimbadmin-crs-plugin — CRS plugin for ViMbAdmin
- vaultwarden-crs-plugin — CRS plugin for Vaultwarden (Bitwarden), JSON-API aware
- ViMbAdmin — modernised 2026 fork of the virtual mailbox admin panel
- dockerized — the Docker stacks we run in production; images on Docker Hub
- build_psol — build scripts for the PageSpeed Optimization Library (PSOL) (archived)
- APT repo + blog: deb.myguard.nl
- nginx stack + modules: deb.myguard.nl/nginx-modules
- Angie stack + modules: deb.myguard.nl/angie-modules-optimized-extended
- Module directive reference: deb.myguard.nl/nginx/modules-synopsis
- Package issues: myguard-labs/deb.myguard.nl
- Docker Hub: hub.docker.com/u/eilandert
- Find us on Discord: deb.myguard.nl/contact