/wafris-rb

Wafris Client for Rails and Rack applications

Wafris for Ruby/Rails

Wafris is an open-source Web Application Firewall (WAF) that runs within Rails (and other frameworks) powered by Redis.

Paired with Wafris Hub, you can view your site traffic in real time and create rules to block malicious traffic from hitting your application.

Rules like:

  • Block IP addresses (IPv6 and IPv4) from making requests
  • Block on hosts, paths, user agents, parameters, and methods
  • Rate limit (throttle) requests
  • Visualize inbound traffic and requests

Need a better explanation? Read the overview at: wafris.org

Installation and Configuration

The Wafris Ruby client is a gem that installs a Rack middleware into your Rails/Sinatra/Rack application filtering requests based on your created rules.

Requirements

  • Rails 5+
  • Ruby 2.5+

Setup

1. Connect on Wafris Hub

Go to https://wafris.org/hub to create a new account and follow the instructions to link your Redis instance.

Note: In Step 3, you'll use this same Redis URL in your app configuration.

2. Add the gem to your application

Update your Gemfile to include the Wafris gem and run bundle install.

# Gemfile
gem 'wafris'

3. Set your API Key

In your production environment, you'll need to set the WAFRIS_API_KEY environment variable to your API key. When you sign up on Wafris Hub, you'll receive your API key along with per-platform instructions.

v1 Migration

Version 1 of the Wafris Rails client gem is deprecated. While it will continue to work, you will experience significant performance improvements moving to v2.

The v2 Client does not depend on a Redis instance and instead uses locally sync'd SQLite databases. If you are currently using your own Redis instance, it will continue to work, but we would recommend creating a new WAF instance on Hub and migrating your existing rules.

Update by running bundle update wafris and then updating your configuration.

We recommend removing your existing config/initializers/wafris.rb file and instead setting the WAFRIS_API_KEY environment variable in your production environment.

Your Wafris API key and platform-specific instructions are available in the Setup section of your Wafris Hub dashboard.

Trusted Proxies

If you have Cloudflare, Expedited WAF, or another service in front of your application that modifies the x-forwarded-for HTTP Request header, please review how to configure Trusted Proxy Ranges.
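Why the proxy ranges matter for IP-based block and rate-limit rules, as an added example (not code from the Wafris gem and not its configuration API): the header is only believed when the direct peer is a known proxy, and is then read right to left until the first address outside the trusted ranges. The function names, the proxy ranges and the sample requests are assumptions constructed for illustration.

```ruby
require "ipaddr"

# Constructed proxy ranges for the demo (a private net and an RFC 5737 block).
TRUSTED_PROXIES = %w[10.0.0.0/8 203.0.113.0/24].map { |cidr| IPAddr.new(cidr) }

# Returns an IPAddr, or nil when the string is not a valid address.
def parse_ip(str)
  IPAddr.new(str)
rescue IPAddr::Error
  nil
end

def trusted_proxy?(str, ranges = TRUSTED_PROXIES)
  addr = parse_ip(str)
  !addr.nil? && ranges.any? { |range| range.include?(addr) }
end

# remote_addr: the TCP peer (Rack's REMOTE_ADDR); xff: raw X-Forwarded-For.
def client_ip(remote_addr, xff, ranges = TRUSTED_PROXIES)
  # A peer outside the proxy ranges can put anything in the header: ignore it.
  return remote_addr unless trusted_proxy?(remote_addr, ranges)

  vouched = remote_addr
  hops = xff.to_s.split(",").map(&:strip).reject(&:empty?)
  # Each proxy appends the peer it saw, so walk right to left and stop at
  # the first hop that is not one of our proxies.
  hops.reverse_each do |hop|
    return vouched if parse_ip(hop).nil? # garbage entry: keep last vouched hop
    return hop unless trusted_proxy?(hop, ranges)
    vouched = hop
  end
  vouched
end

# Constructed requests: [REMOTE_ADDR, X-Forwarded-For]
SAMPLES = [
  ["10.0.0.5", "198.51.100.7, 203.0.113.9"],            # CDN, then load balancer
  ["10.0.0.5", "192.0.2.1, 198.51.100.7, 203.0.113.9"], # client-supplied left entry
  ["198.51.100.7", "192.0.2.1"]                         # direct peer, header ignored
]
SAMPLES.each { |peer, xff| puts "#{peer} | #{xff} -> #{client_ip(peer, xff)}" }
```

With no trusted ranges configured, every request in the first two samples would be attributed to the load balancer at 10.0.0.5, so a block or throttle rule would hit all traffic at once.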

Help / Support

Credits

Thanks to the following people who have contributed patches or helpful suggestions: