Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset.
waf.SetErrorLogCb(cb)
(optional)Run the go tests:
go test ./... go test -race ./...
Using pre-commit
pip install pre-commit pre-commit run --all-files
You can also install the pre-commit git hook by running
package main import( "fmt" "github.com/corazawaf/coraza/v2" "github.com/corazawaf/coraza/v2/seclang" ) func main() { // First we initialize our waf and our seclang parser waf := coraza.NewWaf() parser, _ := seclang.NewParser(waf) // Now we parse our rules if err := parser.FromString(`SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"`); err != nil { fmt.Println(err) } // Then we create a transaction and assign some variables tx := waf.NewTransaction() defer func(){ tx.ProcessLogging() tx.Clean() }() tx.ProcessConnection("127.0.0.1", 8080, "127.0.0.1", 12345) // Finally we process the request headers phase, which may return an interruption if it := tx.ProcessRequestHeaders(); it != nil { fmt.Printf("Transaction was interrupted with status %d\n", it.Status) } }
Dependency issues:
go get: github.com/jptosso/coraza-waf/[email protected]: parsing go.mod:
module declares its path as: github.com/corazawaf/coraza/v2
but was required as: github.com/jptosso/coraza-waf/v2
Coraza was migrated from github.com/jptosso/coraza-waf to github.com/corazawaf/coraza. Most dependencies has already been updated to use the new repo, but you must make sure they all use v2.0.0-rc.3+. You may use the following command to fix the error:
Contributions are welcome. There are many TODOs, functionalities, fixes, bug reports, and any help you can provide. Just send your PR.
cd /path/to/coraza egrep -Rin "TODO|FIXME" -R --exclude-dir=vendor *
For donations, see Donations site
Original repository: https://github.com/corazawaf/coraza