Coraza Server is the most ambitious implementation of Coraza WAF

Coraza Server is the most ambitious implementation of Coraza WAF. It is designed to integrate with systems written in different languages, like C, using multiple protocols such as SPOA, REST and GRPC.

Installing

To install the Coraza library you need a C compiler, libinjection and pcre installed; see https://coraza.io/docs/tutorials/dependencies/

If you cannot install these dependencies you may

go install github.com/jptosso/coraza-server/cmd/coraza-server@master

Using as a Container

Using in K8

Configuration

Configuration is not stable yet.

Protocol development status

SPOA

  • API Stability: Unstable
  • Code Stability: Unstable
  • Documentation: Not available yet

REST

  • API Stability: Not designed yet
  • Code Stability: Not written
  • Documentation: Not available yet

GRPC

  • API Stability: Under development
  • Code Stability: Not written
  • Documentation: Not available yet

Installing plugins

To install Coraza plugins you must copy the content of cmd/coraza-server/main.go and add each plugin as a blank import (an import named with _), for example:

package main

import (
	"flag"
	"os"
	"sync"

	"github.com/jptosso/coraza-server/config"
	"github.com/jptosso/coraza-server/protocols"
	"github.com/jptosso/coraza-waf"
	"github.com/jptosso/coraza-waf/seclang"
	"github.com/sirupsen/logrus"
	"gopkg.in/yaml.v2"

	// Plugins: blank imports, pulled in only for their side effects
	_ "github.com/path/to-plugin"
)

References

TODO

  • Add workers limit to SPOP
  • Document SPOP
  • Create REST protocol
  • Create GRPC protocol
  • Normalize settings
  • Regression tests
  • Replace SPOA library with a custom one
Owner
Juan Pablo Tosso
Comments
  • Request body checking does not work

    Description

    Request body checking does not work because request body is always empty.

    Code with issues

    File: protocols/spoa/request_processor.go, line 25: value, ok = arg.Value.(string)

    The arg.Value is not a string for the request body; it is []byte.

    Steps to reproduce

    Send a request and check the request body

    Expected result

    The request body could be checked.

    CRS rule id 921110 could be matched by sending the request below:

    curl -X POST http://localhost:8888/ -d "var=%0aPOST / HTTP/1.0" -H 'Content-Type: text/plain'

    Actual result

    Request body check does not work.
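The failure mode reported above, as an added example that is not code from the coraza-server repository: a single-type assertion silently turns a []byte body into an empty string, so body rules never see the payload, while a type switch accepts both encodings and surfaces anything unexpected. The spoeArg type, the argument name "body" and both function names are assumptions made for illustration.

```go
package main

import "fmt"

// spoeArg is a hypothetical stand-in for one SPOE message argument; the
// agent library's real type is not shown on this page.
type spoeArg struct {
	Name  string
	Value interface{}
}

// buggyString mirrors the assertion quoted in the issue: a []byte value
// fails the assertion and the caller silently receives "".
func buggyString(a spoeArg) string {
	value, _ := a.Value.(string)
	return value
}

// argBytes accepts both encodings and reports unexpected types instead of
// handing the WAF an empty body, so inspection cannot be skipped unnoticed.
func argBytes(a spoeArg) ([]byte, error) {
	switch v := a.Value.(type) {
	case string:
		return []byte(v), nil
	case []byte:
		return v, nil
	case nil:
		return nil, nil // argument not set, e.g. a request without a body
	default:
		return nil, fmt.Errorf("argument %q: unsupported type %T", a.Name, v)
	}
}

func main() {
	// Constructed sample: the body from the curl command in the issue,
	// delivered as []byte the way the report describes.
	body := spoeArg{Name: "body", Value: []byte("var=%0aPOST / HTTP/1.0")}

	fmt.Printf("string assertion sees: %q\n", buggyString(body))

	got, err := argBytes(body)
	fmt.Printf("type switch sees:      %q (err=%v)\n", got, err)

	// An unexpected type is an error to log or deny on, not an empty body.
	_, err = argBytes(spoeArg{Name: "body", Value: 42})
	fmt.Println("unexpected type:", err)
}
```

Treating the default case as an error lets the caller decide whether to block or log the transaction instead of passing it uninspected.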
