Coraza Web Application Firewall
Coraza WAF is a Golang implementation of Modsecurity built from scratch, it supports most of the features from ModSecurity but aims to be a completely different implementation with many new capabilities and extensibility.
This project is not intended for production yet, APIs are going to change, it's not secure enough and it might crash.
Table of Contents
TO-DO
- Normalize API
- Add more settings
- Replace libinjection for something awesome, maybe AI?
- Create Documentation
- Audit Logging (syslog, ES and concurrent)
- Logrotate support
- Autoconf
- Optimize pcre compilation instructions
- OWASP CRS Full Support (almost there)
- Benchmarking tools
- Plugin system
- Add settings reload feature
- Cache geoip to enhance speed
- Add clustering features
- Add support for plugins
- OpenAPI 3.0 Enforcement
Docker
docker build -t coraza-waf .
docker run -d -it -p 8080:8080 --name=coraza-waf coraza-waf --host=0.0.0.0
If you want to use your own settings, you must set the volume of /etc/coraza/ to your custom virtual path.
Usage
Using Skipper filter sample:
-> corazaWAF("/path/to/rules.conf", "/path/to/datafiles")
Sample:
baidu:
Path("/baidu")
-> corazaWAF("/path/to/rules.conf", "/path/to/datafiles")
-> setRequestHeader("Host", "www.baidu.com")
-> setPath("/s")
-> setQuery("wd", "godoc skipper")
-> "http://www.baidu.com";
Compile from source
Compilation prerequisites: golang 1.11>, C compiler, libpcre++-dev, libinjection compiled (use make libinjection
)
You can compile each package individually running: go build cmd/skipper/main.go
or using the make scripts.
make
sudo make install
Compile as a skipper plugin
Change package name of pkg/skipper/filters.go from skipper to main and then:
GO111MODULE=on go build -buildmode=plugin -o coraza.so pkg/skipper/filters.go
skipper -filter-plugin coraza
Non implemented features
Variables
- AUTH_TYPE
- DURATION
- ENV
- HIGHEST_SEVERITY
- INBOUND_DATA_ERROR
- MATCHED_VAR
- MATCHED_VARS
- MATCHED_VAR_NAME
- MATCHED_VARS_NAMES
- MULTIPART_CRLF_LF_LINES
- MULTIPART_STRICT_ERROR
- MULTIPART_UNMATCHED_BOUNDARY
- OUTBOUND_DATA_ERROR
- PATH_INFO
- PERF_ALL
- PERF_COMBINED
- PERF_GC
- PERF_LOGGING
- PERF_PHASE1
- PERF_PHASE2
- PERF_PHASE3
- PERF_PHASE4
- PERF_PHASE5
- PERF_RULES
- PERF_SREAD
- PERF_SWRITE
- REMOTE_USER
- REQBODY_ERROR
- REQBODY_ERROR_MSG
- RESPONSE_PROTOCOL
- RESPONSE_STATUS
- RULE
- SERVER_ADDR
- SERVER_NAME
- SERVER_PORT
- SESSION
- SESSIONID
- STATUS_LINE
- STREAM_INPUT_BODY
- STREAM_OUTPUT_BODY
- TIME
- TIME_DAY
- TIME_EPOCH
- TIME_HOUR
- TIME_MIN
- TIME_MON
- TIME_SEC
- TIME_WDAY
- TIME_YEAR
- UNIQUE_ID
- URLENCODED_ERROR
- USERID
- USERAGENT_IP
- WEBAPPID
- WEBSERVER_ERROR_LOG
- XML
Operators
- fuzzyHash
- gsbLookup
- inspectFile
- noMatch
- validateDTD
- validateHash
- validateSchema
- verifyCC
Actions
- append
- deprecatevar
- prepend
- proxy
- redirect
- sanitiseArg
- sanitiseMatched
- sanitiseMatchedBytes
- sanitiseRequestHeader
- sanitiseResponseHeader
- setuid
- setrsc
- setsid
- setenv
- xmlns
Transformations
- cssDecode
- jsDecode
License
Apache 2 License, please check the LICENSE file for full details.