Coraza WAF is a Golang implementation of ModSecurity built from scratch. It supports most of ModSecurity's features but aims to be a completely different implementation with many new capabilities and extensibility points.
This project is not intended for production yet: APIs are going to change, it is not secure enough, and it might crash.
- Normalize API
- Add more settings
- Replace libinjection with something awesome, maybe AI?
- Create Documentation
- Audit Logging (syslog, ES and concurrent)
- Logrotate support
- Autoconf
- Optimize pcre compilation instructions
- OWASP CRS Full Support (almost there)
- Benchmarking tools
- Plugin system
- Add settings reload feature
- Cache geoip to enhance speed
- Add clustering features
- Add support for plugins
- OpenAPI 3.0 Enforcement
```
docker build -t coraza-waf .
docker run -d -it -p 8080:8080 --name=coraza-waf coraza-waf --host=0.0.0.0
```
To use your own settings, mount the directory that holds them as a volume at /etc/coraza/.
Using the Skipper filter (it takes the rules file and the data files directory as arguments):
```
-> corazaWAF("/path/to/rules.conf", "/path/to/datafiles")
```
Sample route:
```
baidu:
    Path("/baidu")
    -> corazaWAF("/path/to/rules.conf", "/path/to/datafiles")
    -> setRequestHeader("Host", "www.baidu.com")
    -> setPath("/s")
    -> setQuery("wd", "godoc skipper")
    -> "http://www.baidu.com";
```
Compilation prerequisites: Go 1.11 or newer, a C compiler, libpcre++-dev, and a compiled libinjection (run `make libinjection`).
You can compile each package individually by running `go build cmd/skipper/main.go`, or use the make targets:
```
make
sudo make install
```
To build Coraza as a Skipper plugin, change the package name in pkg/skipper/filters.go from skipper to main, then:
```
GO111MODULE=on go build -buildmode=plugin -o coraza.so pkg/skipper/filters.go
skipper -filter-plugin coraza
```
- AUTH_TYPE
- DURATION
- ENV
- HIGHEST_SEVERITY
- INBOUND_DATA_ERROR
- MATCHED_VAR
- MATCHED_VARS
- MATCHED_VAR_NAME
- MATCHED_VARS_NAMES
- MULTIPART_CRLF_LF_LINES
- MULTIPART_STRICT_ERROR
- MULTIPART_UNMATCHED_BOUNDARY
- OUTBOUND_DATA_ERROR
- PATH_INFO
- PERF_ALL
- PERF_COMBINED
- PERF_GC
- PERF_LOGGING
- PERF_PHASE1
- PERF_PHASE2
- PERF_PHASE3
- PERF_PHASE4
- PERF_PHASE5
- PERF_RULES
- PERF_SREAD
- PERF_SWRITE
- REMOTE_USER
- REQBODY_ERROR
- REQBODY_ERROR_MSG
- RESPONSE_PROTOCOL
- RESPONSE_STATUS
- RULE
- SERVER_ADDR
- SERVER_NAME
- SERVER_PORT
- SESSION
- SESSIONID
- STATUS_LINE
- STREAM_INPUT_BODY
- STREAM_OUTPUT_BODY
- TIME
- TIME_DAY
- TIME_EPOCH
- TIME_HOUR
- TIME_MIN
- TIME_MON
- TIME_SEC
- TIME_WDAY
- TIME_YEAR
- UNIQUE_ID
- URLENCODED_ERROR
- USERID
- USERAGENT_IP
- WEBAPPID
- WEBSERVER_ERROR_LOG
- XML
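MATCHED_VAR, MATCHED_VARS, MATCHED_VAR_NAME and MATCHED_VARS_NAMES in the list above are populated from the operator matches of a single rule evaluation: the singular forms hold the most recently matched variable, the plural forms hold every match. As an added illustration (not Coraza's or ModSecurity's code; the Variable and MatchedVariables types, the function names and the sample arguments are assumed), this stand-alone Go snippet derives those four variables from an @rx operator run over every member of the ARGS collection:

```go
package main

import (
	"fmt"
	"regexp"
)

// Variable is one collection member, e.g. ARGS key "q" (hypothetical type, not Coraza's).
type Variable struct{ Name, Value string }

// MatchedVariables carries the MATCHED_VAR* variables of one rule evaluation.
type MatchedVariables struct {
	MatchedVar, MatchedVarName    string   // most recently matched value and its full name
	MatchedVars, MatchedVarsNames []string // every matched value / name, in match order
}

// ApplyRxOperator evaluates an @rx operator against every member of a collection, as
// `SecRule ARGS "@rx ..."` does; returned names carry the collection prefix (ARGS:q).
func ApplyRxOperator(collection string, vars []Variable, pattern string) ([]Variable, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	var matches []Variable
	for _, v := range vars {
		if re.MatchString(v.Value) {
			matches = append(matches, Variable{Name: collection + ":" + v.Name, Value: v.Value})
		}
	}
	return matches, nil
}

// MatchedVars derives MATCHED_VAR(_NAME) from the last match and MATCHED_VARS(_NAMES) from all.
func MatchedVars(matches []Variable) MatchedVariables {
	var mv MatchedVariables
	for _, m := range matches {
		mv.MatchedVars = append(mv.MatchedVars, m.Value)
		mv.MatchedVarsNames = append(mv.MatchedVarsNames, m.Name)
	}
	if n := len(matches); n > 0 {
		mv.MatchedVar, mv.MatchedVarName = matches[n-1].Value, matches[n-1].Name
	}
	return mv
}

func main() {
	// Constructed request arguments in request order; q and sort trip the operator.
	args := []Variable{{"id", "42"}, {"q", "1 UNION SELECT 2"}, {"sort", "name union all select pass"}}
	m, _ := ApplyRxOperator("ARGS", args, `(?i)\bunion\b.*\bselect\b`)
	fmt.Printf("%+v\n", MatchedVars(m))
}
```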
- fuzzyHash
- gsbLookup
- inspectFile
- noMatch
- validateDTD
- validateHash
- validateSchema
- verifyCC
- append
- deprecatevar
- prepend
- proxy
- redirect
- sanitiseArg
- sanitiseMatched
- sanitiseMatchedBytes
- sanitiseRequestHeader
- sanitiseResponseHeader
- setuid
- setrsc
- setsid
- setenv
- xmlns
- cssDecode
- jsDecode
Apache 2 License; please check the LICENSE file for full details.