Kali Linux

OWASP Coraza WAF : A Golang Modsecurity Compatible Web Application Firewall Library

OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset.

Prerequisites

  • Linux distribution (Debian and Centos are recommended, Windows is not supported yet)
  • Golang compiler v1.16+

Migrate from v1

  • Rollback SecAuditLog to the legacy syntax (serial/concurrent)
  • Attach an error log handler using waf.SetErrorLogCb(cb) (optional)
  • the function Transaction.Clean() must be used to clear transaction data, files and take them back to the sync pool.
  • If you are using low level APIs check the complete changelog as most of them were removed.
  • OWASP CRS does not require any external dependency anymore

Running the tests

Run the go tests:

go test ./…
go test -race ./…

Using pre-commit

pip install pre-commit
pre-commit run –all-files

ou can also install the pre-commit git hook by running

pre-commit install

Coraza v2 differences with v1

  • Full internal API refactor, public API has not changed
  • Full audit engine refactor with plugins support
  • New enhanced plugins interface for transformations, actions, body processors, and operators
  • We are fully compliant with Seclang from modsecurity v2
  • Many features removed and transformed into plugins: XML (Mostly), GeoIP and PCRE regex
  • Better debug logging
  • New error logging (like modsecurity)
  • Better performance

Your first Coraza WAF project

package main
import(
“fmt”
“github.com/corazawaf/coraza/v2”
“github.com/corazawaf/coraza/v2/seclang”
)
func main() {
// First we initialize our waf and our seclang parser
waf := coraza.NewWaf()
parser, _ := seclang.NewParser(waf)
// Now we parse our rules
if err := parser.FromString(SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"); err != nil {
fmt.Println(err)
}
// Then we create a transaction and assign some variables
tx := waf.NewTransaction()
defer func(){
tx.ProcessLogging()
tx.Clean()
}()
tx.ProcessConnection(“127.0.0.1”, 8080, “127.0.0.1”, 12345)
// Finally we process the request headers phase, which may return an interruption
if it := tx.ProcessRequestHeaders(); it != nil {
fmt.Printf(“Transaction was interrupted with status %d\n”, it.Status)
}
}

Download
R K

Leave a Comment
Share
Published by
R K
Tags: Golang ModsecurityOWASP Coraza WAFweb application
3 years ago

Recent Posts

How Web Application Firewalls (WAFs) Work

General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…

3 days ago

How to Send POST Requests Using curl in Linux

How to Send POST Requests Using curl in Linux If you work with APIs, servers,…

3 days ago

What Does chmod 777 Mean in Linux

If you are a Linux user, you have probably seen commands like chmod 777 while…

3 days ago

How to Undo and Redo in Vim or Vi

Vim and Vi are among the most powerful text editors in the Linux world. They…

3 days ago

How to Unzip and Extract Files in Linux

Working with compressed files is a common task for any Linux user. Whether you are…

3 days ago

Free Email Lookup Tools and Reverse Email Search Resources

In the digital era, an email address can reveal much more than just a contact…

3 days ago