coraza: OWASP Coraza Web Application Firewall

OWASP Coraza Web Application Firewall

Welcome to OWASP Coraza WAF, Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset.

Coraza v2 differences with v1

• Full internal API refactor, public API has not changed
• Full audit engine refactor with plugins support
• New enhanced plugins interface for transformations, actions, body processors, and operators
• We are fully compliant with Seclang from modsecurity v2
• Many features were removed and transformed into plugins: XML (Mostly), GeoIP, and PCRE regex
• Better debug logging
• New error logging (like modsecurity)

Why Coraza WAF?

Philosophy

• Simplicity: Anyone should be able to understand and modify Coraza WAF’s source code
• Extensibility: It should be easy to extend Coraza WAF with new functionalities
• Innovation: Coraza WAF isn’t just a ModSecurity port. It must include awesome new functions (in the meantime, it’s just a port 😅)
• Community: Coraza WAF is a community project, and all ideas will be considered

Install & Use

Copyright 2021 Juan Pablo Tosso