/waffle

Web Application Firewall, made in go.

Primary LanguageGoMIT LicenseMIT

WAFFLE

drawing

❗ The problem

Imagine, that you are a user who wants to play a game, or use a website on remote server, but something isn't right, the connection is so slow, and you don't know why. You are probably mad, because you can't watch your favorite cat videos and images. Anime is out of your reach as well, you are thinking about eating pizza from tasty Da Grasso 🐴 to make your day just a little bit better and better.

drawing

💚 The solution

drawing

You wrote to the website administrator to use Waffle, the open-source DDOS protector, the reverse proxy of future, the strongest defense of all, and it's free (and not nearly done at all)!

Documentation

This is github wiki's based documentation of the project (in progress):

Introduction

Probably you know about CloudFlare, every one knows, but this is a partially paid solution. As the open source community we are missing a real modular and open source Web Application Firewall that could be used in the place of CF. The project is huge, tho we are looking for the contributors.

How to run / Develop ?

Prerequisites

  • Go 1.22+
  • golangci-lint
  • Npcap (windows)
  • make (if windows, try using chocolatey)
  • openssl (if windows, try using git bash)
  • mockery
  1. Create certificates and FS embed go file provider make certs_windows //: # (2. Execute docker compose up -d to create needed infrastructure)
  2. Set environment variables before running the proxy:

Generate certificates

Execute make certs_windows and go through process. It should certs in the .cert directory.

Next steps

Important

Currently, the project can be only used with GO installed locally, but there is a plan to create usable binaries.

*How to run binaries? Currently there are 3 binaries:

  • collector
  • proxy
  • tcpproxy (partially done)

The proxy is the core binary, which can be kind of used, to run it execute: go run ./cmd/proxy/main.go

Remember to add valid config to the ./cmd/proxy/config.yml file, looks something like this:

dns:
  - host: "google.localhost:8080"
    address: "https://google.com"
  - host: "100commitow.localhost:8080"
    address: "https://100commitow.pl"

rules:
  custom:
    - name: "request payload must contain at least one character and should contain at least one header"
      predicate: "p => LEN(p.payload) > 0 && LEN(p.headers) > 0"
    - name: "payload must be a json"
      predicate: "p => FORMAT(p.payload) == 'json'"

Planned features / Architecture

To bo honest, I'm learning how to write WAF from the scratch, so this part will be updated after a while.

  • XSS protection (HTML + we can take a look on sql injection)
  • DDOS protection

What I have learned?

  • Neovim
  • DDOS protection
  • XSS /SQLI protection

Contribution

What do I need to know to help?

If you are looking to help to with a code contribution our project uses GO, k8s.

How can I do that?

Never made an open source contribution before? Wondering how contributions work in the in our project? Here's a quick rundown!

Find an issue that you are interested in addressing or a feature that you would like to add.

Fork the repository associated with the issue to your local GitHub organization. This means that you will have a copy of the repository under your-GitHub-username/repository-name.

Clone the repository to your local machine using git clone.

Create a new branch for your fix using git checkout -b branch-name-here.

Make the appropriate changes for the issue you are trying to address or the feature that you want to add.

Use git add insert-paths-of-changed-files-here to add the file contents of the changed files to the "snapshot" git uses to manage the state of the project, also known as the index.

Use git commit -m "Insert a short message of the changes made here" to store the contents of the index with a descriptive message.

Push the changes to the remote repository using git push origin branch-name-here.

Submit a pull request to the upstream repository.

Title the pull request with a short description of the changes made and the issue or bug number associated with your change. For example, you can title an issue like so "Added more log outputting to resolve #4352".

In the description of the pull request, explain the changes that you made, any issues you think exist with the pull request you made, and any questions you have for the maintainer. It's OK if your pull request is not perfect (no pull request is), the reviewer will be able to help you fix any problems and improve it!

Wait for the pull request to be reviewed by a maintainer.

Make changes to the pull request if the reviewing maintainer recommends them.

Celebrate your success after your pull request is merged! 🚀

Where can I go for help? If you need help, you can ask questions on our Discord: https://discord.gg/33azuUWnm4

What does the Code of Conduct mean for me?

Our Code of Conduct means that you are responsible for treating everyone on the project with respect and courtesy regardless of their identity. If you are the victim of any inappropriate behavior or comments as described in our Code of Conduct, we are here for you and will do the best to ensure that the abuser is reprimanded appropriately, per our code.

HTML injection are attacks agains the HTML tokenization algorithm, examples: img.png Basically, we need to tokenize input and check attributes, tags against a set of rules

Links: