corazawaf / coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
https://www.coraza.io
Apache License 2.0

Example use with Gin Framework #56

Closed batara666 closed 3 years ago

batara666 commented 3 years ago

Yours is such great & useful software

jptosso commented 3 years ago

Gin framework seems interesting, I'm going to add it to the list of possible modules and middlewares

Thank you!

jptosso commented 3 years ago

I might create a working plugin in the future, but this will work for phases 1, 2 and 5. Phases 3 and 4 require a responseWriter overwrite.

```go
func Coraza() gin.HandlerFunc {
    // Build the WAF and load the rules once, when the middleware is created.
    waf := engine.NewWaf()
    parser := seclang.NewParser(waf)
    parser.FromString(`secrule.....`)
    return func(c *gin.Context) {
        // One transaction per incoming request.
        tx := waf.NewTransaction()
        tx.ProcessRequest(c.Request)
        if tx.Interruption != nil {...}
        c.Next()
        // in order to parse the response, you must overwrite the ResponseWriter https://github.com/gin-gonic/gin/blob/caf2802593277033683c4e8cb5f22c81cc35eae8/response_writer.go#L20
    }
}

func main() {
    r := gin.New()
    r.Use(Coraza())

    r.GET("/test", func(c *gin.Context) {
        // your code
    })

    // Listen and serve on 0.0.0.0:8080
    r.Run(":8080")
}
```

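
The ResponseWriter overwrite mentioned above for phases 3 and 4, as an added example that is not part of the original comment or of Coraza's code: the handler's output is buffered so it can be inspected before anything reaches the client. It uses plain net/http rather than Gin, and `bufferedWriter`, `InspectResponse` and the `block` callback are hypothetical names standing in for the WAF's response processing.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// bufferedWriter keeps status, headers and body in memory until inspected.
type bufferedWriter struct {
	header http.Header
	status int
	body   bytes.Buffer
}
func (b *bufferedWriter) Header() http.Header { return b.header }
func (b *bufferedWriter) WriteHeader(code int) {
	if b.status == 0 { // first call wins, as in net/http
		b.status = code
	}
}
func (b *bufferedWriter) Write(p []byte) (int, error) {
	b.WriteHeader(http.StatusOK) // implicit 200 on first write
	return b.body.Write(p)
}
// InspectResponse forwards next's output only if block (hypothetical WAF hook) returns false.
func InspectResponse(next http.Handler, block func(int, http.Header, []byte) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		buf := &bufferedWriter{header: http.Header{}}
		next.ServeHTTP(buf, r)
		buf.WriteHeader(http.StatusOK) // handler wrote nothing: default to 200
		if block(buf.status, buf.header, buf.body.Bytes()) {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		for k, v := range buf.header {
			w.Header()[k] = v
		}
		w.WriteHeader(buf.status)
		w.Write(buf.body.Bytes())
	})
}

func main() {
	leak := func(_ int, _ http.Header, body []byte) bool { return bytes.Contains(body, []byte("root:")) }
	app := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("root:x:0:0")) })
	rec := httptest.NewRecorder() // constructed in-memory request, no network
	InspectResponse(app, leak).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	fmt.Println(rec.Code, rec.Body.Len() > 0)
}
```

Buffering the whole body costs memory on large responses, so a real middleware would cap how much it holds before deciding.
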
jptosso commented 3 years ago

Now there is a gin implementation: https://github.com/jptosso/coraza-gin