Skip to content

EasyWAF

A web application firewall that filters, monitors, and blocks malicious HTTP traffic.

EasyWAF is a high-performance HTTP reverse proxy that sits in front of your web applications. It inspects all incoming requests and blocks common attacks—like SQL injection, cross-site scripting (XSS), and automated crawlers—before they can touch your backend servers.


Traffic Flow

graph LR
    Client["Client Request"] --> WAF["EasyWAF (Port 80/443)"]
    WAF -->|SQLi, XSS, Rule Engine| Check{"Blocked?"}
    Check -->|"Yes (Drop)"| Drop["HTTP 403 Forbidden"]
    Check -->|"No (Forward)"| Backend["Backend App (Port 8080)"]

Features

  • Real-time Request Filtering: Analyze headers, query parameters, cookies, and request bodies for attack signatures.
  • Low Overhead: Built in Rust with asynchronous I/O to process thousands of requests per second with sub-millisecond latency.
  • Dynamic Rule Reloads: Update your configurations and IP block lists on the fly without stopping or restart-dropping traffic.
  • Detailed Analytics Ingest: Seamlessly hooks into EasyLog to log blocked attacks and generate security metrics.

Configuration

EasyWAF is configured using a simple easywaf.toml file. Below is a sample configuration showing active blocking rules and proxy settings:

[server]
listen = "0.0.0.0:443"
backend = "127.0.0.1:8080"
mode = "blocking" # Options: blocking, monitoring

[rules]
block_sqli = true
block_xss = true
max_body_size = 2097152 # 2MB limit

[rate_limiting]
enabled = true
requests_per_minute = 100
burst_limit = 20

[blocklist]
ips = [
  "192.168.1.15",
  "10.0.4.82"
]

Getting Started

1. Launch EasyWAF

Run EasyWAF pointing to your configuration file:

easywaf --config /etc/easywaf/easywaf.toml

2. Verify Traffic Protection

Test that malicious requests are blocked correctly by sending a request containing a SQL injection signature:

curl -i "http://your-server-ip/?id=1%20UNION%20SELECT%20username%20FROM%20users"

Expected Response:

HTTP/1.1 403 Forbidden
Content-Type: text/plain
Content-Length: 26

Request blocked by EasyWAF