search

jcchavezs / coraza-http-wasm

http-wasm middleware based on Coraza WAF
Apache License 2.0
12 stars 2 forks source link

readme

coraza-http-wasm

Web Application Firewall WASM middleware built on top of Coraza and implementing the http-wasm ABI.

Getting started

go run mage.go -l lists all the available commands:

$ go run mage.go -l
Targets:
  build*    builds the wasm binary.
  e2e       runs e2e tests
  format    formats code in this repository.
  ftw       runs the FTW test suite
  lint      verifies code format.
  test      runs all unit tests.

* default target

Building the binary

go run mage.go build

You will find the WASM plugin under ./build/coraza-http-wasm.wasm.

Basic Configuration

{
   "directives": [
    "SecRuleEngine On",
    "SecDebugLog /dev/stdout",
    "SecDebugLogLevel 9",
    "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,log,deny,status:403\""
   ]
  }

Test it

curl -I 'http://localhost:8080/admin'    # 403
curl -I 'http://localhost:8080/anything' # 200