Coraza WAF is a Golang implementation of Modsecurity built from scratch, it supports most of the features from ModSecurity but aims to be a completely different implementation with many new capabilities and extensibility.
This project is not intended for production yet, APIs are going to change, it's not secure enough and it might crash.
Compilation prerequisites:
- golang 1.13+
- C compiler (gcc)
- Libpcre++-dev
GO111MODULE=on go build -buildmode=plugin -o coraza.so cmd/coraza-waf/skipper.go
skipper -filter-plugin coraza.so
Golang test suite:
git clone --recursive https://github.com/jptosso/coraza-waf
cd coraza-waf/
go test ./... -v
Test against OWASP CRS
git clone --recursive https://github.com/jptosso/coraza-waf
# Create your OWASP CRS package owasp-crs.conf
cd coraza-waf/
go run cmd/testsuite/main.go -path docs/rs -rules crs/some-rules.conf
package main
import(
"github.com/jptosso/coraza-waf/pkg/engine"
"github.com/jptosso/coraza-waf/pkg/parser"
"fmt"
)
func main(){
// Create waf instance
waf := engine.NewWaf()
// Parse some rules
p, _ := parser.NewParser(waf)
p.FromString(`SecRule REQUEST_HEADERS:test "TestValue" "id:1, drop, log"`)
// Create Transaction
tx := waf.NewTransaction()
tx.AddRequestHeader("Test", "TestValue")
tx.ExecutePhase(2)
if tx.Disrupted{
fmt.Println("Transaction disrupted")
}
}
Coraza WAF can be configured with OWASP CRS without the need to download and setup the packages. The pkg.crs
package contains tools to automatically import and setup CRS.
Apache 2 License, please check the LICENSE file for full details.