EasyWAF
A web application firewall that filters, monitors, and blocks malicious HTTP traffic.
EasyWAF is a high-performance HTTP reverse proxy that sits in front of your web applications. It inspects all incoming requests and blocks common attacks—like SQL injection, cross-site scripting (XSS), and automated crawlers—before they can touch your backend servers.
Traffic Flow
graph LR
Client["Client Request"] --> WAF["EasyWAF (Port 80/443)"]
WAF -->|SQLi, XSS, Rule Engine| Check{"Blocked?"}
Check -->|"Yes (Drop)"| Drop["HTTP 403 Forbidden"]
Check -->|"No (Forward)"| Backend["Backend App (Port 8080)"]
Features
- Real-time Request Filtering: Analyze headers, query parameters, cookies, and request bodies for attack signatures.
- Low Overhead: Built in Rust with asynchronous I/O to process thousands of requests per second with sub-millisecond latency.
- Dynamic Rule Reloads: Update your configurations and IP block lists on the fly without stopping or restart-dropping traffic.
- Detailed Analytics Ingest: Seamlessly hooks into EasyLog to log blocked attacks and generate security metrics.
Configuration
EasyWAF is configured using a simple easywaf.toml file. Below is a sample configuration showing active blocking rules and proxy settings:
[server]
listen = "0.0.0.0:443"
backend = "127.0.0.1:8080"
mode = "blocking" # Options: blocking, monitoring
[rules]
block_sqli = true
block_xss = true
max_body_size = 2097152 # 2MB limit
[rate_limiting]
enabled = true
requests_per_minute = 100
burst_limit = 20
[blocklist]
ips = [
"192.168.1.15",
"10.0.4.82"
]
Getting Started
1. Launch EasyWAF
Run EasyWAF pointing to your configuration file:
2. Verify Traffic Protection
Test that malicious requests are blocked correctly by sending a request containing a SQL injection signature:
Expected Response: