Coraza WAF: A High-Performance Go Web Application Firewall

Summary
Coraza WAF is an open-source, enterprise-grade Web Application Firewall written in Go, offering high performance and ModSecurity SecLang ruleset compatibility. It provides robust protection for web applications, being 100% compatible with the OWASP Core Rule Set v4. Developers can integrate Coraza as a library to secure their applications against a wide range of attacks.
Introduction
Coraza WAF (corazawaf/coraza) is an open-source, enterprise-grade Web Application Firewall (WAF) designed to protect your web applications with high performance. Written in Go, Coraza is compatible with ModSecurity SecLang rulesets and boasts 100% compatibility with the OWASP Core Rule Set (CRS) v4. This makes it a powerful and flexible solution for safeguarding against a wide array of web-based threats, including the OWASP Top Ten.
Key features of Coraza WAF include:
- Drop-in: An alternative engine with partial compatibility with the OWASP ModSecurity Engine, supporting industry-standard SecLang rule sets.
- Security: Runs the OWASP CRS v4 to protect against SQL Injection, Cross Site Scripting (XSS), PHP & Java Code Injection, and more.
- Extensible: As a library, Coraza allows for custom integrations, audit loggers, persistence engines, operators, and actions.
- Performance: Engineered to handle significant load with minimal performance impact, suitable for both large and small applications.
- Simplicity: Designed for ease of understanding and modification, making it straightforward to extend with new functionality.
- Community: An active community project that welcomes contributions and new ideas.
Installation
Coraza WAF is primarily used as a Go library. To integrate it into your Go project, you need Go v1.22+ or a TinyGo compiler.
To add Coraza to your project, use go get:
go get github.com/corazawaf/coraza/v3
Coraza can then be imported and used within your Go application to implement security middleware or integrate with existing web servers.
Examples
Here's a basic example demonstrating how to initialize Coraza WAF and process a request with a simple rule:
package main

import (
	"fmt"
	"log"

	"github.com/corazawaf/coraza/v3"
)

func main() {
	// First we initialize our WAF and parse a single SecLang rule.
	// REMOTE_ADDR always matches ".*", so every transaction is denied with 403.
	waf, err := coraza.NewWAF(coraza.NewWAFConfig().
		WithDirectives(`SecRule REMOTE_ADDR "@rx .*" "id:1,phase:1,deny,status:403"`))
	if err != nil {
		// A parse error leaves waf nil, so we must not continue with it.
		log.Fatal(err)
	}

	// Then we create a transaction. ProcessLogging (phase 5) and Close must run
	// once the transaction is finished, so both are deferred.
	tx := waf.NewTransaction()
	defer func() {
		tx.ProcessLogging()
		tx.Close()
	}()
	// Client address and port, then server address and port; this populates REMOTE_ADDR.
	tx.ProcessConnection("127.0.0.1", 8080, "127.0.0.1", 12345)

	// Finally we process the request headers phase (phase 1), which may return an interruption.
	if it := tx.ProcessRequestHeaders(); it != nil {
		fmt.Printf("Transaction was interrupted with status %d (rule %d)\n", it.Status, it.RuleID)
	}
}
This example initializes a WAF instance with a single SecLang rule; because `@rx .*` matches any REMOTE_ADDR, every transaction is denied with a 403. It then creates a transaction, records the connection details (which populate REMOTE_ADDR), and runs the request headers phase, where the rule fires and ProcessRequestHeaders returns an interruption carrying the rule ID, action and status. A real integration also calls ProcessURI and AddRequestHeader before the headers phase, runs the request body and response phases, and answers the client with the interruption's status; ProcessLogging and Close are deferred so audit logging happens after the transaction is complete.
Why Use Coraza WAF?
Choosing Coraza WAF for your application security offers several compelling advantages:
- Robust Security with OWASP CRS: Because it runs the OWASP Core Rule Set v4 unchanged, Coraza gives your applications the CRS's coverage of common web attack classes, including the categories in the OWASP Top Ten, without you having to write detection rules from scratch.
- High Performance: Built in Go, Coraza is designed for speed and efficiency, allowing it to handle high traffic volumes without significantly impacting application performance.
- Flexibility and Extensibility: Its library-first approach means Coraza can be deeply integrated into various Go applications and extended with custom logic, making it adaptable to specific security needs.
- ModSecurity Compatibility: For those familiar with ModSecurity, Coraza offers a familiar ruleset language, easing the transition and leveraging existing knowledge and rule sets.
- Active Community and Development: As an OWASP production project, Coraza benefits from an active community, ensuring continuous development, support, and security updates.
Links
- GitHub Repository: https://github.com/corazawaf/coraza
- Official Website: https://coraza.io
- GitHub Discussions (Forum): https://github.com/corazawaf/coraza/discussions
- OWASP Slack Community: https://owasp.org/slack/invite
- Coraza Playground: https://playground.coraza.io
- OWASP Core Rule Set: https://coreruleset.org