
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library


  Coraza - Web Application Firewall


Coraza is an open source, enterprise-grade, high performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set.


Key Features:

  • ⇲ Drop-in - Coraza is a drop-in replacement for the soon-to-be-abandoned Trustwave ModSecurity engine and supports industry-standard SecLang rule sets.

  • 🔥 Security - Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages.

  • 🔌 Extensible - Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. Audit loggers, persistence engines, operators and actions are all pluggable, so you can create your own functionality and extend Coraza as much as you want.

  • 🚀 Performance - From huge websites to small blogs, Coraza can handle the load with minimal performance impact. Check our Benchmarks

  • ﹡ Simplicity - Anyone is able to understand and modify the Coraza source code. It is easy to extend Coraza with new functionality.

  • 💬 Community - Coraza is a community project; contributions are accepted and all ideas will be considered. Find contributor guidance in CONTRIBUTING.md.


Integrations

The Coraza Project maintains implementations and plugins for the following servers:

Plugins

Roadmap

  • WASM scripts support
  • New rule language
  • GraphQL body processor
  • TinyGo support
  • libcoraza C exports

Prerequisites

  • Golang compiler v1.16+
  • Linux distribution (Debian or CentOS recommended; Windows is not supported yet)

Coraza Core Usage

Coraza can be used as a library in your Go program to implement a security middleware, or to integrate it with existing applications and web servers.

```go
package main

import (
	"fmt"
	"os"

	"github.com/corazawaf/coraza/v2"
	"github.com/corazawaf/coraza/v2/seclang"
)

func main() {
	// First we initialize our WAF and our SecLang parser
	waf := coraza.NewWaf()
	parser, err := seclang.NewParser(waf)
	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	// Now we parse our rules. This rule matches any REMOTE_ADDR, so every
	// transaction is denied in phase 1 with status 403.
	if err := parser.FromString(`SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"`); err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	// Then we create a transaction and assign some variables.
	// Logging (phase 5) and cleanup always run, even if the transaction is interrupted.
	tx := waf.NewTransaction()
	defer func() {
		tx.ProcessLogging()
		tx.Clean()
	}()
	tx.ProcessConnection("127.0.0.1", 8080, "127.0.0.1", 12345)

	// Finally we process the request headers phase, which may return an interruption
	if it := tx.ProcessRequestHeaders(); it != nil {
		fmt.Printf("Transaction was interrupted with status %d\n", it.Status)
	}
}
```

Tools

Troubleshooting

Dependency issues:

```
go get: github.com/jptosso/coraza-waf/v2@v2.0.0-rc.3: parsing go.mod:
	module declares its path as: github.com/corazawaf/coraza/v2
	        but was required as: github.com/jptosso/coraza-waf/v2
```

Coraza was migrated from github.com/jptosso/coraza-waf to github.com/corazawaf/coraza. Most dependencies have already been updated to use the new repository, but you must make sure they all require v2.0.0-rc.3 or later. You may use the following command to fix the error:

```
go get -u github.com/corazawaf/coraza/v2@v2.0.0-rc.3
```

Contribute

Contributions are welcome! Please refer to CONTRIBUTING.md for guidance.

Thanks

  • Modsecurity team for creating ModSecurity
  • OWASP Coreruleset team for the CRS and their help

Companies using Coraza

Author on Twitter

Donations

For donations, see Donations site