swanson / wafris-rb

Wafris Client for Rails and Rack applications

Home Page: https://wafris.org

Wafris for Ruby/Rails

Wafris is an open-source Web Application Firewall (WAF) that runs within Rails (and other frameworks) powered by Redis.

Paired with Wafris Hub, you can create rules to block malicious traffic from hitting your application.

Rules like:

  • Block IP addresses (IPv6 and IPv4) from making requests
  • Block on hosts, paths, user agents, parameters, and methods
  • Rate limit (throttle) requests
  • Visualize inbound traffic and requests

Need a better explanation? Read the overview at: wafris.org

Installation and Configuration

The Wafris Ruby client is a gem that installs a Rack middleware into your Rails/Sinatra/Rack application that communicates with a Redis instance.

Requirements

  • Redis-rb 4.8+
  • Rails 5+
  • Ruby 2.5+

Setup

1. Connect on Wafris Hub

Go to https://wafris.org/hub to create a new account and follow the instructions to link your Redis instance.

Note: In Step 3, you'll use this same Redis URL in your app configuration.

2. Add the gem to your application

Update your Gemfile to include the Wafris gem, then run bundle install.

# Gemfile
gem 'wafris'

3. Set your Redis Connection

Specify your Redis connection with the following initializer. We recommend storing the Redis URL in an environment variable or in a secret management system of your choosing rather than hard-coding the string in the initializer.

# Create this file and add the following:
# config/initializers/wafris.rb

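Wafris.configure do |c|
  # Replace PUT_YOUR_REDIS_URL_HERE with the name of the environment
  # variable that holds your Redis URL.
  c.redis = Redis.new(
    url: ENV['PUT_YOUR_REDIS_URL_HERE']
  )
end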

For more details and troubleshooting on the initializer, please read our Wafris Initializer Guide.

Not sure what Redis provider to use? Please read our Wafris Redis Providers Guide.

4. Deploy your application

When deploying your application, you should see the following in your logs:

[Wafris] attempting firewall connection via Wafris.configure initializer.
[Wafris] firewall enabled. Connected to Redis on <host from Redis URL>. Ready to process requests. Set rules at: https://wafris.org/hub

Trusted Proxies

If you have Cloudflare, Expedited WAF, or another service in front of your application that modifies the x-forwarded-for HTTP request header, please review how to configure Trusted Proxy Ranges.
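
Why trusted proxy ranges matter for IP-based rules, shown as an added example (not code from Wafris or this repository): the client address is the first x-forwarded-for entry, read from the right, that is not one of your own proxies, and the header is ignored entirely when the connecting peer is not a trusted proxy. The names client_ip, parse_ip, trusted_proxy? and TRUSTED_PROXIES, and the sample ranges, are assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed sample ranges standing in for the published ranges of the proxy or
# CDN in front of the app (assumption: replace with your provider's real list).
TRUSTED_PROXIES = %w[10.0.0.0/8 198.51.100.0/24 2001:db8:ffff::/48].map { |r| IPAddr.new(r) }

# Parse one address; blanks, CIDR notation and garbage such as "unknown" give nil.
def parse_ip(text)
  s = text.to_s.strip
  return nil if s.empty? || s.include?('/')
  IPAddr.new(s)
rescue IPAddr::Error
  nil
end

def trusted_proxy?(ip)
  TRUSTED_PROXIES.any? { |range| range.family == ip.family && range.include?(ip) }
end

# remote_addr: the TCP peer seen by the app server; x_forwarded_for: raw header value.
def client_ip(remote_addr, x_forwarded_for)
  peer = parse_ip(remote_addr)
  # A peer outside the trusted ranges wrote the header itself, so ignore it.
  return remote_addr if peer.nil? || !trusted_proxy?(peer)

  candidate = peer
  # Each proxy appends the address it received the request from, so walk from the right.
  x_forwarded_for.to_s.split(',').reverse_each do |hop|
    ip = parse_ip(hop)
    break if ip.nil?                # unparseable entry: nothing to its left is reliable
    candidate = ip
    break unless trusted_proxy?(ip) # first hop that is not one of our proxies
  end
  candidate.to_s
end
```

With the ranges left empty or incomplete, every request appears to come from the proxy itself, so an IP block or rate limit would apply to the proxy address rather than to the individual client.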

Help / Support

License:Other


Languages

Language:Ruby 100.0%