coraza: OWASP Coraza Web Application Firewall

by ddos ·

OWASP Coraza Web Application Firewall

Welcome to OWASP Coraza WAF, Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset.

 

Web Application Firewall

Coraza v2 differences with v1

  • Full internal API refactor, public API has not changed
  • Full audit engine refactor with plugins support
  • New enhanced plugins interface for transformations, actions, body processors, and operators
  • We are fully compliant with Seclang from modsecurity v2
  • Many features were removed and transformed into plugins: XML (Mostly), GeoIP, and PCRE regex
  • Better debug logging
  • New error logging (like modsecurity)

Why Coraza WAF?

Philosophy

  • Simplicity: Anyone should be able to understand and modify Coraza WAF’s source code
  • Extensibility: It should be easy to extend Coraza WAF with new functionalities
  • Innovation: Coraza WAF isn’t just a ModSecurity port. It must include awesome new functions (in the meantime, it’s just a port 😅)
  • Community: Coraza WAF is a community project, and all ideas will be considered

Install & Use

Copyright 2021 Juan Pablo Tosso

Tags: OWASPWeb Application Firewall