jptosso / Coraza Waf

Licence: apache-2.0
Coraza WAF is a golang modsecurity compatible web application firewall library with embedded reverse proxy.

Coraza Web Application Firewall

Coraza WAF is a Golang implementation of ModSecurity built from scratch. It supports most of the features of ModSecurity but aims to be a completely different implementation with many new capabilities and extensibility.

This project is not yet intended for production: APIs are going to change, it is not secure enough, and it might crash.

Compile from source

Compilation prerequisites:

  • golang 1.13+
  • C compiler (gcc)
  • Libpcre++-dev

You can compile each package individually by running go build cmd/coraza-waf/*.go, or use the make scripts:

$ git clone --recursive https://github.com/jptosso/coraza-waf
# if already cloned use git submodule update --init --recursive
$ cd coraza-waf
# Get dependencies
$ go get ./...
$ make
$ sudo make install

Install (Ubuntu)

You can install Coraza WAF directly from the official PPA repository:

sudo add-apt-repository ppa:jptosso/coraza
sudo apt-get update
sudo apt install corazawaf

Compile as a skipper plugin

GO111MODULE=on go build -buildmode=plugin -o coraza.so cmd/coraza-waf/skipper.go
skipper -filter-plugin coraza.so

Test

Golang test suite:

git clone --recursive https://github.com/jptosso/coraza-waf
cd coraza-waf/
go test ./... -v

Test against OWASP CRS

git clone --recursive https://github.com/jptosso/coraza-waf
# Create your OWASP CRS package owasp-crs.conf
cd coraza-waf/
go run cmd/testsuite/main.go -path docs/rs -rules crs/some-rules.conf

Run with Docker

$ docker run --name my-waf -v /some/config/routes.eskip:/etc/coraza-waf/routes.eskip:ro -d -p 9090:9090 jptosso/coraza-waf

Alternatively, a simple Dockerfile can be used to generate a new image that includes the necessary content (which is a much cleaner solution than the bind mount above):

FROM jptosso/coraza-waf
COPY static-settings-directory /etc/coraza-waf

Place this file in the same directory as your directory of content ("static-settings-directory"), run docker build -t my-waf ., then start your container:

$ docker run --name my-waf -d -p 9090:9090 my-waf

Then you can hit http://localhost:9090 or http://host-ip:9090 in your browser.

Using Reverse Proxy WAF

Files and directories:

  • /etc/coraza-waf/skipper.yaml: Contains the options that will be imported by Skipper by default.
  • /etc/coraza-waf/routes.eskip: Contains the routes that will be used by Skipper.
  • /etc/coraza-waf/profiles/default/rules.conf: Placeholder file with default options.
  • /opt/coraza/var/log/coraza-waf/access.log: Access log for Skipper.
  • /opt/coraza/var/log/coraza-waf/system.log: Skipper and Coraza system logs.
  • /opt/coraza/var/log/coraza-waf/audit.log: Audit log; contains a reference for each audit log entry (more information here).
  • /opt/coraza/var/log/coraza-waf/audit/: This directory contains the concurrent logs created by the audit engine.
  • /usr/local/bin/coraza-waf: Coraza WAF binary location.

Sample eskip configuration:

#/etc/coraza-waf/routes.eskip
samplesite:
        Path("/")
        -> corazaWAF("/etc/coraza-waf/profiles/default/rules.conf")
        -> setRequestHeader("Host", "www.samplesite.com")
        -> "https://www.samplesite.com";

For more configuration options and SSL/TLS settings, check the Skipper documentation.

Using as a library

package main

import (
	"fmt"

	"github.com/jptosso/coraza-waf/pkg/engine"
	"github.com/jptosso/coraza-waf/pkg/parser"
)

func main() {
	// Create the WAF instance that will hold the parsed rules
	waf := engine.NewWaf()

	// Parse some rules into it; the parser returns an error on malformed directives
	p, err := parser.NewParser(waf)
	if err != nil {
		panic(err)
	}
	if err := p.FromString(`SecRule REQUEST_HEADERS:test "TestValue" "id:1, drop, log"`); err != nil {
		panic(err)
	}

	// Create a transaction, feed it the request headers and run phase 1 (request headers)
	tx := waf.NewTransaction()
	tx.AddRequestHeader("Test", "TestValue")
	tx.ExecutePhase(1)
	if tx.Disrupted {
		fmt.Println("Transaction disrupted")
	}
}
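The snippet above delegates everything to Coraza's engine, so it does not show what "phase 1" and "disrupted" actually mean. The following is an added example, not code from the Coraza project: a self-contained toy that parses the same SecRule directive into its variable, selector, operator argument and actions, then evaluates it against request headers exactly as phase 1 would, marking the transaction disrupted when a rule carrying drop or deny matches. The names ParseSecRule, Transaction, NewTransaction and ExecutePhase1 are this example's own, not Coraza's API; only the REQUEST_HEADERS variable and the @rx operator (the SecRule default) are modelled, and the rule and headers used are constructed for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Rule is a minimal model of one SecRule directive (an added illustration, not Coraza's own type).
type Rule struct {
	ID       int
	Variable string         // e.g. REQUEST_HEADERS
	Selector string         // "test" to inspect one header only; "" for every header
	Pattern  *regexp.Regexp // argument of the @rx operator, the SecRule default
	Disrupt  bool           // drop or deny present: a match ends the transaction
}

// directive matches: SecRule VARIABLE[:selector] "operator" "action, action, ...".
var directive = regexp.MustCompile(`^SecRule\s+(\S+)\s+"([^"]*)"\s+"([^"]*)"$`)

// ParseSecRule turns one directive line into a Rule; only @rx is modelled.
func ParseSecRule(line string) (Rule, error) {
	m := directive.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return Rule{}, fmt.Errorf("malformed directive: %q", line)
	}
	var r Rule
	r.Variable, r.Selector, _ = strings.Cut(m[1], ":")
	pattern := strings.TrimPrefix(m[2], "@rx ")
	if strings.HasPrefix(pattern, "@") {
		return Rule{}, fmt.Errorf("unsupported operator in %q", m[2])
	}
	var err error
	if r.Pattern, err = regexp.Compile(pattern); err != nil {
		return Rule{}, fmt.Errorf("rule %q: %w", line, err)
	}
	for _, a := range strings.Split(m[3], ",") {
		a = strings.TrimSpace(a)
		if strings.HasPrefix(a, "id:") {
			r.ID, _ = strconv.Atoi(strings.TrimPrefix(a, "id:"))
		} else if a == "drop" || a == "deny" {
			r.Disrupt = true
		}
	}
	if r.ID == 0 {
		return Rule{}, fmt.Errorf("rule without a valid id action: %q", line)
	}
	return r, nil
}

// Transaction is the phase-1 view of a request: only the headers are known yet.
type Transaction struct {
	headers   map[string][]string // keys lower-cased: header names are case-insensitive
	Disrupted bool
	Matched   []int // IDs of the rules that matched, in evaluation order
}

func NewTransaction() *Transaction { return &Transaction{headers: map[string][]string{}} }
func (tx *Transaction) AddRequestHeader(name, value string) {
	k := strings.ToLower(name)
	tx.headers[k] = append(tx.headers[k], value)
}

// ExecutePhase1 evaluates the rules in order against REQUEST_HEADERS. The first match of a
// drop/deny rule stops evaluation and marks the transaction disrupted; other matches are recorded.
func (tx *Transaction) ExecutePhase1(rules []Rule) bool {
	for _, r := range rules {
		if r.Variable != "REQUEST_HEADERS" {
			continue // only the variable used on the page is modelled
		}
		for name, values := range tx.headers {
			if r.Selector != "" && name != strings.ToLower(r.Selector) {
				continue
			}
			for _, v := range values {
				if !r.Pattern.MatchString(v) {
					continue
				}
				tx.Matched = append(tx.Matched, r.ID)
				if r.Disrupt {
					tx.Disrupted = true
					return true
				}
			}
		}
	}
	return tx.Disrupted
}

func main() {
	rule, err := ParseSecRule(`SecRule REQUEST_HEADERS:test "TestValue" "id:1, drop, log"`)
	if err != nil {
		panic(err)
	}
	tx := NewTransaction()
	tx.AddRequestHeader("Test", "TestValue") // constructed request header
	fmt.Println("disrupted:", tx.ExecutePhase1([]Rule{rule}), "matched:", tx.Matched)
}
```

Two details matter for anyone reading real audit logs: header names are compared case-insensitively (the rule says test, the request sends Test), and a rule whose actions contain only log and pass records its id in Matched without disrupting the transaction, which is why a WAF can run in a detection-only mode and still tell you which rules fired.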

Using as a gRPC service

$ coraza-waf -m rpc -f /etc/coraza-waf/rpc.yaml

Check our official wrappers:

More information available here.

Using gRPC with OWASP CRS

Coraza WAF gRPC applications can be configured to automatically import and set up OWASP CRS: enable CRS as a feature in the service.yaml file and set config.crs.template_dir to your OWASP CRS path, or to /etc/coraza-waf/crs/ if Coraza is installed.

You may check the customization options here.

Using the CRS engine

Coraza WAF can be configured with OWASP CRS without the need to download and set up the packages manually. The pkg.crs package contains tools to automatically import and set up CRS.

Deployment options

License

Apache 2 License, please check the LICENSE file for full details.
