Project author: EdgeCast

Project description:
multitenant ModSecurity compatible WAF engine from Verizon Digital Media Services
Language: C++
Project URL: git://github.com/EdgeCast/waflz.git
Created: 2018-06-07T06:09:10Z
Project community: https://github.com/EdgeCast/waflz

License: Apache License 2.0


waflz

A multitenant ModSecurity compatible WAF engine. Docs

Background

An implementation of a WAF engine in C/C++ that supports processing a subset of the ModSecurity rules functionality, configurable with either JSON or ModSecurity rules. waflz is optimized to run many WAF profiles side by side, by using faster/smaller internal data types and sharing common ruleset data between the profiles, i.e. if multiple WAF profiles refer to the same ruleset(s), the ruleset(s) are loaded only once and shared in memory by all of them.

Rationale

The Edgio global edge platform is a multitenant CDN serving hundreds of thousands of individual customer configurations from any given location. The Edgio WAF supports running the OWASP Core Rule Set as well as some third-party rulesets. The performance and resource allocation of any given customer configuration has the potential to impact the others, i.e. eventually all configurations live in memory on a physical server in a "Point of Presence" (POP) in a datacenter. It was therefore important to the Edgio CDN that the WAF be as high-performance, memory-constrained, and deterministic as possible.

Capabilities

The open source standard implementation of the ModSecurity Rules Engine, while excellent and extremely flexible for individual use cases, could be problematic in a CDN, where performance is the product. Several ModSecurity capabilities, e.g. SecRemoteRules and inspectFile, were intentionally omitted due to their potential performance impact in a multitenant environment. The currently supported variables, operators and transforms are listed in the capabilities section of the docs.

Install

Building

Ubuntu (18.04/20.04)

Package Requirements

  $ sudo apt-get install -y libssl-dev libpcre3-dev libxml2-dev libicu-dev protobuf-compiler libprotobuf-dev liblzma-dev python3-pip

Python Package Requirements

  $ pip3 install -r requirements.txt

Build

This script will build, run tests, and create packages

  $ ./build.sh

Install (optional)

  $ cd ./build
  $ sudo make install

OS X

Package Requirements (with Homebrew)

  $ brew install cmake openssl protobuf libxml2 pcre dpkg rapidjson jq

Python Package Requirements

  $ pip3 install -r requirements.txt

Build

  $ ./build.sh

Running Tests

  $ cd ./build
  $ make test

Source Code Layout

The waflz root directory contains this README, the build.sh script which automates building/testing/packaging, and other files related to CI/CD.

Inside the root are the following important directories:

  • docs: Contains everything necessary to generate documentation. Changes should be made inside the source subdirectory.
  • ext: External libraries that are compiled and used by waflz
  • include/waflz: The core C/C++ header files
  • proto: The Protocol Buffer definition files used by waflz
  • src: The core C/C++ source files, organized by functionality
  • sub: Contains the submodules used by waflz
  • tests: Contains the waflz test suite, which includes blackbox, whitebox, and stress testing
  • util: Utility applications that are useful for testing and validation of the waflz library

Usage

Running standalone waflz_server for testing WAF rules

  $ cat rule.conf
  SecRule &REQUEST_HEADERS:Host "@eq 0" \
    "phase:2,\
    rev:'2',\
    ver:'OWASP_CRS/2.2.9',\
    t:none,block,\
    msg:'Request Missing a Host Header',\
    id:'960008',\
    severity:'4',\
    setvar:'tx.msg=%{rule.msg}',\
    setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},\
    setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
  $ ./build/util/waflz_server/waflz_server --modsecurity=rule.conf

curl’ing waflz_server

  $ curl -s "http://localhost:12345/index.html" -H"Host:" | jq '.'
  {
    "matched_var": {
      "name": "REQUEST_HEADERS",
      "value": "MA=="
    },
    "rule_msg": "Inbound Anomaly Score Exceeded (Total Score: 3): Last Matched Message: Request Missing a Host Header",
    "rule_op_name": "gt",
    "rule_op_param": "0",
    "rule_tag": [
      "OWASP_CRS/ANOMALY/EXCEEDED"
    ],
    "rule_target": [
      {
        "name": "TX",
        "param": "ANOMALY_SCORE"
      }
    ],
    "sub_event": [
      {
        "matched_var": {
          "name": "REQUEST_HEADERS",
          "value": "MA=="
        },
        "rule_id": 960008,
        "rule_intercept_status": 403,
        "rule_msg": "Request Missing a Host Header",
        "rule_op_name": "EQ",
        "rule_op_param": "0",
        "rule_target": [
          {
            "is_counting": true,
            "name": "REQUEST_HEADERS",
            "param": "Host"
          }
        ],
        "total_anomaly_score": 3,
        "waf_profile_id": "__na__",
        "waf_profile_name": "__na__"
      }
    ],
    "total_anomaly_score": 3,
    "waf_profile_id": "__na__",
    "waf_profile_name": "__na__"
  }
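The event above is what an operator consumes when waflz_server is used to test rules: the top-level event is the anomaly-score rule, and each `sub_event` is an individual rule that contributed to the score. The script below is an added example (not part of the waflz project) that parses that event into a compact summary: it rebuilds each sub-rule's target in ModSecurity notation (`&REQUEST_HEADERS:Host`, the `&` coming from `is_counting`), its operator (`@eq 0`), and the blocking status. The sample event is constructed inline from the output shown above; the one assumption is that `matched_var.value` is base64-encoded, which holds for the sample, where `MA==` decodes to `0`, the header count that satisfied `@eq 0`.

```python
import base64
import json

# Constructed sample: the waflz_server event for a request with an empty Host
# header, copied from the README output above (field order is not significant).
SAMPLE_EVENT = json.dumps({
    "matched_var": {"name": "REQUEST_HEADERS", "value": "MA=="},
    "rule_msg": "Inbound Anomaly Score Exceeded (Total Score: 3): "
                "Last Matched Message: Request Missing a Host Header",
    "rule_op_name": "gt",
    "rule_op_param": "0",
    "rule_tag": ["OWASP_CRS/ANOMALY/EXCEEDED"],
    "rule_target": [{"name": "TX", "param": "ANOMALY_SCORE"}],
    "sub_event": [{
        "matched_var": {"name": "REQUEST_HEADERS", "value": "MA=="},
        "rule_id": 960008,
        "rule_intercept_status": 403,
        "rule_msg": "Request Missing a Host Header",
        "rule_op_name": "EQ",
        "rule_op_param": "0",
        "rule_target": [{"is_counting": True, "name": "REQUEST_HEADERS", "param": "Host"}],
        "total_anomaly_score": 3,
        "waf_profile_id": "__na__",
        "waf_profile_name": "__na__",
    }],
    "total_anomaly_score": 3,
    "waf_profile_id": "__na__",
    "waf_profile_name": "__na__",
})


def decode_matched_var(matched_var):
    """Assumption: matched_var.value is base64. In the sample "MA==" is "0",
    the number of Host headers counted by the &REQUEST_HEADERS:Host target."""
    raw = base64.b64decode(matched_var.get("value", ""))
    return raw.decode("utf-8", errors="replace")


def format_target(target):
    """Render a rule_target entry in ModSecurity notation, e.g. &REQUEST_HEADERS:Host."""
    prefix = "&" if target.get("is_counting") else ""
    name = target["name"]
    param = target.get("param")
    return f"{prefix}{name}:{param}" if param else f"{prefix}{name}"


def summarize_event(event_json):
    """Turn a waflz event into a flat summary: per-rule hits plus the verdict."""
    event = json.loads(event_json)
    rules = []
    for sub in event.get("sub_event", []):
        rules.append({
            "rule_id": sub["rule_id"],
            "msg": sub["rule_msg"],
            "op": f"@{sub['rule_op_name'].lower()} {sub['rule_op_param']}",
            "targets": [format_target(t) for t in sub.get("rule_target", [])],
            "matched": decode_matched_var(sub["matched_var"]),
            "intercept_status": sub.get("rule_intercept_status"),
        })
    statuses = [r["intercept_status"] for r in rules if r["intercept_status"]]
    return {
        "profile": event.get("waf_profile_id"),
        "total_anomaly_score": event.get("total_anomaly_score"),
        "anomaly_exceeded": "OWASP_CRS/ANOMALY/EXCEEDED" in event.get("rule_tag", []),
        # Status the request would be intercepted with, if any rule set one.
        "blocking_status": max(statuses) if statuses else None,
        "rules": rules,
    }


if __name__ == "__main__":
    # Typical use: curl -s http://localhost:12345/ -H"Host:" | python3 this_script.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_EVENT
    print(json.dumps(summarize_event(data), indent=2))
```

Piped behind the curl command above, the script prints one rule line per `sub_event` with its rule id, operator and decoded matched value, which is what you want when checking that a rule fires for the right reason rather than merely that the anomaly score was exceeded.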

Contribute

  • We welcome issues, questions and pull requests.

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to the LICENSE-2.0.txt file for the full terms.