A dynamic rule-based Web Application Firewall written in Rust.
- Custom rule engine with configurable security policies.
- Lightweight and efficient performance in Rust.
- Flexible rule definition through rules.conf
The following example rule rejects any traffic containing the keyword admin in the request URL.
Create a rules.conf file in the root directory; WAFfl attaches rules at the compile phase.
SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
SecAction \
"id:900990,\
phase:1,\
pass,\
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.13.0-dev',\
setvar:tx.crs_setup_version=4130"
SecRule REQUEST_URI "@rx admin" "id:1,phase:1,deny,status:401"
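To check what the example rule matches before relying on it, the following added sketch (not WAFfl's code or its rule engine) models the rule's `@rx` match on REQUEST_URI in Python. The helpers `parse_secrule`, `evaluate` and `report`, the second rule with id:2, and the sample URIs are constructed for illustration; it shows that the unanchored pattern also denies unrelated paths such as /club/badminton and that, without a transformation, the match is case-sensitive.

```python
import re

# Only the transformation used below is modelled; t:none clears the pipeline.
TRANSFORMS = {"lowercase": str.lower}

def parse_secrule(line):
    """Parse a one-line `SecRule REQUEST_URI "@rx PATTERN" "ACTIONS"` directive."""
    m = re.fullmatch(r'SecRule\s+REQUEST_URI\s+"@rx\s+(.*?)"\s+"(.*)"', line.strip())
    if m is None:
        raise ValueError("unsupported directive: " + line)
    pattern, actions = m.groups()
    rule = {"rx": re.compile(pattern), "transforms": [],
            "disruptive": "pass", "status": None}
    for action in (a.strip() for a in actions.split(",")):
        key, _, value = action.partition(":")
        if key == "t":
            if value == "none":
                rule["transforms"] = []
            else:
                rule["transforms"].append(TRANSFORMS[value])
        elif key == "status":
            rule["status"] = int(value)
        elif key in ("deny", "pass"):
            rule["disruptive"] = key
    return rule

def evaluate(rule, request_uri):
    """Return the HTTP status the rule forces, or None if the request passes."""
    value = request_uri
    for transform in rule["transforms"]:
        value = transform(value)
    if rule["rx"].search(value) and rule["disruptive"] == "deny":
        return rule["status"] or 403  # deny without status defaults to 403
    return None

# The rule from rules.conf above.
PAGE_RULE = parse_secrule('SecRule REQUEST_URI "@rx admin" "id:1,phase:1,deny,status:401"')
# Constructed variant: t:lowercase folds case before the regex runs.
FOLDED_RULE = parse_secrule(
    'SecRule REQUEST_URI "@rx admin" "id:2,phase:1,deny,status:401,t:none,t:lowercase"')

# Constructed request URIs (path plus query string, as REQUEST_URI carries them).
SAMPLES = ["/admin", "/wp-admin/index.php", "/club/badminton",
           "/search?q=admin", "/Admin", "/index.html"]

def report(rule):
    return {uri: evaluate(rule, uri) for uri in SAMPLES}

if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("with t:lowercase", FOLDED_RULE)):
        print(name, report(rule))
```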
- coreruleset
- gotestwaf
Install all modules:
git submodule update --init --recursive
- libmodsecurity >= 3.0.13
- xorg-server-xvfb >= 21.1.16
To test rule updates, use the following command:
xvfb-run -a --server-args="-screen 0 1920x1080x24" python3 src/api/main.py
Compile WAFfl in release mode using Cargo:
cargo build --release
- The main project (WAFfl) is licensed under the MIT License (see LICENSE).
- The include/gotestwaf directory contains code from Wallarm/gotestwaf, licensed under the MIT License (see include/gotestwaf/LICENSE).
This project contains modifications by LTurret and kiol in internal/scanner/scanner.go.
Original project: https://github.com/wallarm/gotestwaf