WAFLab
WAFLab is a web-based platform for testing WAFs.
Live Demo
Architecture
WAFLab contains 2 parts:
Name | Description | Language | Source code |
---|---|---|---|
Frontend | Web frontend UI for WAFLab | Javascript + React + Ant Design | https://github.com/microsoft/waflab/tree/master/web |
Backend | RESTful API backend for WAFLab | Golang + Beego + MySQL | https://github.com/microsoft/waflab |
Installation
Prerequisites
- Go
- NPM (shipped with Node.js)
- Docker (e.g., Docker Desktop on Windows 10)
Server-side
Get the source code from GitHub via Git
git clone https://github.com/microsoft/waflab.git
Set up the database
WAFLab uses a database to store generated test cases and test results.
Prepare a database supported by the Xorm ORM (MySQL is recommended) and replace root:123@tcp(localhost:3306)/ in conf/app.conf with your own connection string. WAFLab will create a database named waflab and the necessary tables in it if they do not exist. All Xorm supported databases are listed here.
Setup Go backend
Git clone the OWASP ModSecurity Core Rule Set (CRS) and WAFBench under the same directory
git clone https://github.com/microsoft/WAFBench.git
git clone https://github.com/coreruleset/coreruleset.git
Pick the CRS version you would like to use. We use CRS v3.2 as an example here.
cd coreruleset
git checkout --track origin/v3.2/master
Set the CodeBaseDir inside waflab/util/const.go to the directory of WAFBench and CRS.
const CodeBaseDir = "DIRECTORY/OF/WAFBENCH/AND/CRS"
Run Server-backend (at port 7070 by default):
cd waflab
go run main.go
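The sample connection string (root:123) and the placeholder CodeBaseDir are easy to leave in place, so the following preflight check looks for both, and for the two sibling checkouts, before the backend is started. It is an added example, not part of WAFLab; the function names and the script name preflight.sh are hypothetical, and the two literals are the sample values quoted on this page.

```shell
#!/bin/sh
# Added example (not part of WAFLab): preflight checks for the setup above.
# The two literals below are the sample values quoted on this page.
DEFAULT_DSN='root:123@tcp(localhost:3306)/'
PLACEHOLDER_DIR='DIRECTORY/OF/WAFBENCH/AND/CRS'

# True if file $1 exists and still contains the literal string $2.
contains_literal() {
    [ -f "$1" ] && grep -qF -- "$2" "$1"
}

# Prints one line per problem found; the return status is the problem count.
# $1 = waflab checkout, $2 = directory expected to hold WAFBench and CRS.
waflab_preflight() {
    problems=0
    for f in "$1/conf/app.conf" "$1/util/const.go"; do
        if [ ! -f "$f" ]; then
            echo "missing file: $f"; problems=$((problems + 1))
        fi
    done
    if contains_literal "$1/conf/app.conf" "$DEFAULT_DSN"; then
        echo "conf/app.conf still has the sample root:123 connection string"
        problems=$((problems + 1))
    fi
    if contains_literal "$1/util/const.go" "$PLACEHOLDER_DIR"; then
        echo "util/const.go still has the placeholder CodeBaseDir"
        problems=$((problems + 1))
    fi
    for d in WAFBench coreruleset; do
        if [ ! -d "$2/$d" ]; then
            echo "checkout not found: $2/$d"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run directly: sh preflight.sh ./waflab /path/to/codebase
if [ "$#" -eq 2 ]; then
    for tool in go npm docker; do
        command -v "$tool" >/dev/null 2>&1 || echo "prerequisite not on PATH: $tool"
    done
    waflab_preflight "$1" "$2"
fi
```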
Setup frontend web UI
Install the frontend dependencies with NPM (or Yarn if you like):
cd waflab/web
npm install
Run frontend (at port 7000 by default):
npm start
WAFLab web UI is now available at: http://localhost:7000
Build the frontend into static files, which the Go server then serves at port 7070 together with the backend API:
npm run build
License
This project is licensed under the MIT license.
If you have any issues or feature requests, please contact us. PRs are welcome.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.