de to defend web services against automated bots, scrapers, crawlers, and AI agents. The tool is positioned as a privacy-first access guard that aims to block non-human traffic from reaching protected services, while minimizing the impact on legitimate users. Gandalf inspects incoming browser requests and determines whether they originate from real visitors or suspicious automated clients. For those using supported browsers, the verification process is brief and minimally intrusive, whereas requests deemed suspicious face additional challenges or are blocked entirely.
The platform was created to address the growing prevalence of automated traffic on the web, which includes malicious bots that harvest content, scrape data for AI training, attempt credential stuffing, or collect contact information for spam. Gandalf is specifically intended to protect independent and community-operated services, such as alternative frontends to major platforms, from being overwhelmed by non-human requests. It is designed to ensure that server resources and upstream quotas are preserved for actual users, preventing service degradation and excessive costs caused by bot activity.
A notable aspect of Gandalf is its commitment to privacy. Unlike outsourced solutions that route traffic through third-party infrastructure and may compromise user data, Gandalf operates under the principle that bot protection should not require surrendering visitor privacy. The tool is self-hosted, giving operators full control over their data and the verification process.
However, Gandalf’s approach also results in some trade-offs. Programmatic access points such as APIs and RSS feeds are blocked, as are automated link preview generators used by messaging platforms like WhatsApp, Telegram, and Signal. The system supports only standard browsers as clients, reflecting its focus on distinguishing human users from bots. Gandalf is intended for sysadmins and operators of privacy-focused or independent web services who require robust, self-managed bot protection without relying on external vendors.
Gandalf is a Security & compliance platforms product. It focuses on preventing automated bots and scrapers from accessing web services while preserving user privacy. It is built as a B2B product for developers and sysadmins managing web infrastructure. The product is available for free. The product ships for the command line, and it can be self-hosted.
It is developed by NerdVPN.de (Germany), and the product first shipped in 2025. Development happens publicly on GitHub with 14 stars. Key capabilities include bot blocking, privacy-first, and self-hosted.
Latest indexed changes and source events
Gandalf – a self-hosted, privacy-first access guard verified by the PulseGate indexer
Other apps tracked under the same category.