Coraza is an open source, enterprise-grade, high performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set.
Key Features:
- ⇲ Drop-in – Coraza is a drop-in alternative to replace the soon to be abandoned Trustwave ModSecurity Engine and supports industry standard SecLang rule sets.
- Security – Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages.
- Extensible – Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. Audit loggers, persistence engines, operators, actions: create your own functionalities to extend Coraza as much as you want.
- Performance – From huge websites to small blogs, Coraza can handle the load with minimal performance impact. Check our Benchmarks.
- ﹡ Simplicity – Anyone is able to understand and modify the Coraza source code. It's easy to extend Coraza with new functionality.
- Community – Coraza is a community project, contributions are accepted and all ideas will be considered. Find contributor guidance in the CONTRIBUTION document.
Integrations
The Coraza Project maintains implementations and plugins for the following servers:
Plugins
Roadmap
- WASM scripts support
- New rule language
- GraphQL physique processor
- TinyGo support
- libcoraza C exports
Prerequisites (Golang and Linux)
- Golang compiler v1.16+
- Linux distribution (Debian or CentOS recommended, Windows not supported yet)
Coraza open-source project Core Usage
Coraza can be used as a library in your Go program to implement a security middleware or integrate it with existing application & webservers.
```go
package main

import (
	"fmt"

	"github.com/corazawaf/coraza/v3"
)

func main() {
	// First we initialize our WAF; the SecLang directives are parsed here
	waf, err := coraza.NewWAF(coraza.NewWAFConfig().
		WithDirectives(`SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"`))
	// Stop if the rules could not be parsed; waf is unusable in that case
	if err != nil {
		fmt.Println(err)
		return
	}

	// Then we create a transaction and assign some variables
	tx := waf.NewTransaction()
	defer func() {
		// Run the logging phase and release the transaction's resources
		tx.ProcessLogging()
		tx.Close()
	}()
	tx.ProcessConnection("127.0.0.1", 8080, "127.0.0.1", 12345)

	// Finally we process the request headers phase, which may return an interruption
	if it := tx.ProcessRequestHeaders(); it != nil {
		fmt.Printf("Transaction was interrupted with status %d\n", it.Status)
	}
}
```
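To make the rule string in the usage example easier to read, the following added sketch (not code from the Coraza project or from the original page) splits a `SecRule` directive into its variable, operator and actions and evaluates it against a client address. `Rule`, `ParseSecRule` and `Evaluate` are hypothetical names, and the sketch assumes a single variable, the `@rx` operator and unquoted actions; Coraza's own SecLang parser covers far more.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Rule is a simplified view of one SecRule directive (hypothetical type, not Coraza's).
type Rule struct {
	Variable, Operator, Argument string            // e.g. REMOTE_ADDR, rx, .*
	Actions                      map[string]string // e.g. id=1, phase=1, deny="", status=403
}

var secRuleRe = regexp.MustCompile(`^SecRule\s+(\S+)\s+"@(\w+)\s+([^"]*)"\s+"([^"]*)"$`)

// ParseSecRule splits a directive into variable, operator, argument and actions.
func ParseSecRule(line string) (*Rule, error) {
	m := secRuleRe.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return nil, fmt.Errorf("unsupported directive: %q", line)
	}
	r := &Rule{Variable: m[1], Operator: m[2], Argument: m[3], Actions: map[string]string{}}
	for _, a := range strings.Split(m[4], ",") {
		k, v, _ := strings.Cut(strings.TrimSpace(a), ":")
		r.Actions[k] = v
	}
	return r, nil
}

// Evaluate returns the HTTP status to answer with, or 0 when the rule does not interrupt.
func (r *Rule) Evaluate(vars map[string]string) (int, error) {
	if r.Operator != "rx" {
		return 0, fmt.Errorf("operator @%s not handled in this sketch", r.Operator)
	}
	re, err := regexp.Compile(r.Argument)
	if err != nil {
		return 0, err
	}
	if _, deny := r.Actions["deny"]; !deny || !re.MatchString(vars[r.Variable]) {
		return 0, nil
	}
	return strconv.Atoi(r.Actions["status"])
}

func main() {
	// The rule from the usage example: "@rx .*" matches every client address.
	r, _ := ParseSecRule(`SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"`)
	fmt.Println(r.Evaluate(map[string]string{"REMOTE_ADDR": "127.0.0.1"}))
}
```

Because `@rx .*` matches any value, the demonstration rule denies every connection in phase 1 with status 403; a production rule would narrow the pattern or the variable it inspects.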