Coraza WAF is a Go implementation of ModSecurity built from scratch. It supports most ModSecurity features but aims to be a completely different implementation with many new capabilities and extensibility.
This project is not yet intended for production: APIs are going to change, it is not secure enough, and it might crash.
Compilation prerequisites:
- golang 1.13+
- C compiler (gcc)
- libpcre++-dev
You can compile each package individually by running go build cmd/coraza-waf/*.go, or use the make scripts:
$ git clone --recursive https://github.com/jptosso/coraza-waf
# if already cloned use git submodule update --init --recursive
$ cd coraza-waf
# Get dependencies
$ go get ./...
$ make
$ sudo make install
You can install Coraza WAF directly from the official PPA repository:
sudo add-apt-repository ppa:jptosso/coraza
sudo apt-get update
sudo apt install corazawaf
Build Coraza WAF as a Skipper filter plugin and load it into Skipper:
GO111MODULE=on go build -buildmode=plugin -o coraza.so cmd/coraza-waf/skipper.go
skipper -filter-plugin coraza.so
Golang test suite:
git clone --recursive https://github.com/jptosso/coraza-waf
cd coraza-waf/
go test ./... -v
Test against the OWASP CRS:
git clone --recursive https://github.com/jptosso/coraza-waf
# Create your OWASP CRS package owasp-crs.conf
cd coraza-waf/
go run cmd/testsuite/main.go -path docs/rs -rules crs/some-rules.conf
Run the Docker image with your own routes file bind-mounted into the container:
$ docker run --name my-waf -v /some/config/routes.eskip:/etc/coraza-waf/routes.eskip:ro -d -p 9090:9090 jptosso/coraza-waf
Alternatively, a simple Dockerfile can be used to generate a new image that includes the necessary content (which is a much cleaner solution than the bind mount above):
FROM jptosso/coraza-waf
COPY static-settings-directory /etc/coraza-waf
Place this Dockerfile in the same directory as your configuration directory ("static-settings-directory"), run docker build -t my-waf ., and then start your container:
$ docker run --name my-waf -d -p 9090:9090 my-waf
Then you can hit http://localhost:9090 or http://host-ip:9090 in your browser.
Files and directories:
- /etc/coraza-waf/skipper.yaml: Contains the options that will be imported by Skipper by default.
- /etc/coraza-waf/routes.eskip: Contains the routes that will be used by Skipper.
- /etc/coraza-waf/profiles/default/rules.conf: Placeholder file with default options.
- /opt/coraza/var/log/coraza-waf/access.log: Access log for Skipper.
- /opt/coraza/var/log/coraza-waf/system.log: Skipper and Coraza system logs.
- /opt/coraza/var/log/coraza-waf/audit.log: Audit log index; each entry references one concurrent audit log file.
- /opt/coraza/var/log/coraza-waf/audit/: This directory contains the concurrent logs created by the audit engine.
- /usr/local/bin/coraza-waf: Coraza WAF binary location.
Sample eskip configuration:
#/etc/coraza-waf/routes.eskip
samplesite:
Path("/")
-> corazaWAF("/etc/coraza-waf/profiles/default/rules.conf")
-> setRequestHeader("Host", "www.samplesite.com")
-> "https://www.samplesite.com";
For more configuration options and SSL/TLS setup, check the Skipper documentation.
Using Coraza WAF as a Go library:
package main

import (
	"fmt"

	"github.com/jptosso/coraza-waf/pkg/engine"
	"github.com/jptosso/coraza-waf/pkg/parser"
)

func main() {
	// Create a WAF instance
	waf := engine.NewWaf()
	// Parse some rules; do not discard the parser error
	p, err := parser.NewParser(waf)
	if err != nil {
		panic(err)
	}
	p.FromString(`SecRule REQUEST_HEADERS:test "TestValue" "id:1, drop, log"`)
	// Create a transaction and feed it a request header that matches the rule
	tx := waf.NewTransaction()
	tx.AddRequestHeader("Test", "TestValue")
	// Run phase 1 (request headers); the disruptive "drop" action sets Disrupted
	tx.ExecutePhase(1)
	if tx.Disrupted {
		fmt.Println("Transaction disrupted")
	}
}
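To make explicit how the rule in that snippet is interpreted, here is an added example that is not Coraza's code: a deliberately small stand-in for the SecRule parser that covers only a REQUEST_HEADERS:key selector, the implicit @rx operator and comma-separated actions, followed by the same phase-1 header check. The names Rule, ParseSecRule and Disrupts are invented here, and the header map is constructed sample input.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is a constructed, minimal model of one SecRule (not Coraza's own
// parser): a REQUEST_HEADERS:key selector, the implicit @rx pattern and actions.
type Rule struct {
	Key        string // header name, lower-cased: collection keys are case-insensitive
	Pattern    *regexp.Regexp
	Actions    []string
	Disruptive bool // true when an action such as drop or deny is present
}

var secRule = regexp.MustCompile(`^SecRule\s+REQUEST_HEADERS:(\S+)\s+"([^"]*)"\s+"([^"]*)"$`)
// ParseSecRule accepts `SecRule REQUEST_HEADERS:key "pattern" "actions"`;
// other collections and explicit operators are rejected rather than guessed.
func ParseSecRule(line string) (*Rule, error) {
	m := secRule.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return nil, fmt.Errorf("unsupported directive: %q", line)
	}
	re, err := regexp.Compile(m[2])
	if err != nil {
		return nil, fmt.Errorf("bad @rx pattern: %w", err)
	}
	r := &Rule{Key: strings.ToLower(m[1]), Pattern: re}
	for _, a := range strings.Split(m[3], ",") {
		a = strings.TrimSpace(a) // "id:1, drop, log" is written with spaces
		r.Actions = append(r.Actions, a)
		r.Disruptive = r.Disruptive || a == "drop" || a == "deny"
	}
	return r, nil
}

// Disrupts mirrors the phase-1 check above: the rule fires when a header with
// the selected name matches, and only a disruptive action blocks the request.
func (r *Rule) Disrupts(headers map[string]string) bool {
	for name, value := range headers {
		if strings.EqualFold(name, r.Key) && r.Pattern.MatchString(value) {
			return r.Disruptive
		}
	}
	return false
}
func main() {
	r, _ := ParseSecRule(`SecRule REQUEST_HEADERS:test "TestValue" "id:1, drop, log"`)
	fmt.Println("disrupted:", r.Disrupts(map[string]string{"Test": "TestValue"})) // true
}
```

A rule whose actions are only "id:2, log" still matches but never disrupts, which is the difference between an audit-only rule and a blocking one.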
Run Coraza WAF in RPC mode:
$ coraza-waf -m rpc -f /etc/coraza-waf/rpc.yaml
Check our official wrappers:
Coraza WAF gRPC applications can be configured to automatically import and set up the OWASP CRS: enable CRS as a feature in the service.yaml file and set config.crs.template_dir to your OWASP CRS path, or to /etc/coraza-waf/crs/ if Coraza is installed.
Coraza WAF can be configured with the OWASP CRS without downloading and setting up the packages manually. The pkg.crs package contains tools to automatically import and set up the CRS.
Deployment options:
- Docker -> Application
- Nginx + Coraza WAF Reverse Proxy -> Application
- Nginx + Coraza WAF RPC -> Application
- Coraza WAF Reverse Proxy -> Application
- Application + Coraza WAF (RPC)
- Kubernetes Ingress Controller -> Application
Apache 2 License, please check the LICENSE file for full details.