[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDIwzcZLeJuzWXppUYD064RlCGG9G9U2dQuxJNspnaX5IkUJYrTV9Q1tyOejKNEMT9Ch2nj1zOgvipfnS8aeGwvnbEsypqT16iKLA99igOo36scdZAxHTug93PD2iwzF2_igKCwejw8gSDMI_ZRIDNbD98pyhk5K5gpUGA7JZMhm8Z4CYYHn017SIV/w640-h170/coraza.png)]()
Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity’s seclang language and is 100% compatible with OWASP Core Ruleset.
## Prerequisites
* Linux distribution (Debian and Centos are recommended, Windows is not supported yet)
* Golang [compiler]( “compiler” ) v1.16+
## Migrate from v1
* Rollback SecAuditLog to the legacy syntax (serial/concurrent)
* Attach an error log handler using `waf.SetErrorLogCb(cb)` (optional)
* the function Transaction.Clean() must be used to clear transaction data, files and take them back to the sync pool.
* If you are using @rx with libpcre (CRS) install the plugin [github.com/jptosso/coraza-pcre]( “github.com/jptosso/coraza-pcre” )
* If you are using low level APIs check the complete changelog as most of them were removed.
## Running the tests
Run the go tests:
go test ./…
go test -race ./…
Using pre-commit
pip install pre-commit
pre-commit run –all-files
You can also install the pre-commit git hook by running
pre-commit install
## Coraza v2 differences with v1
* Full internal API refactor, public API has not changed
* Full audit engine refactor with plugins support
* New enhanced plugins interface for transformations, actions, body processors, and operators
* We are fully compliant with Seclang from modsecurity v2
* Many features removed and transformed into plugins: XML (Mostly), GeoIP and PCRE regex
* Better debug logging
* New error logging (like modsecurity)
* Better performance
## Your first Coraza WAF project
package main
import(
“fmt”
“github.com/corazawaf/coraza/v2”
“github.com/corazawaf/coraza/v2/seclang”
)
func main() {
// First we initialize our waf and our seclang parser
waf := coraza.NewWaf()
parser, _ := seclang.NewParser(waf)
// Now we parse our rules
if err := parser.FromString(`SecRule REMOTE_ADDR “@rx .*” “id:1,phase:1,deny,status:403″`); err != nil {
fmt.Println(err)
}
// Then we create a transaction and assign some variables
tx := waf.NewTransaction()
defer func(){
tx.ProcessLogging()
tx.Clean()
}()
tx.ProcessConnection(“127.0.0.1”, 8080, “127.0.0.1”, 12345)
// Finally we process the request headers phase, which may return an interruption
if it := tx.ProcessRequestHeaders(); it != nil {
fmt.Printf(“Transaction was interrupted with status %dn”, it.Status)
}
}
## Why Coraza WAF?
### Philosophy
* **Simplicity:** Anyone should be able to understand and modify Coraza WAF’s source code
* **Extensibility:** It should be easy to extend Coraza WAF with new functionalities
* **Innovation:** Coraza WAF isn’t just a [ModSecurity]( “ModSecurity” ) port. It must include awesome new functions (in the meantime, it’s just a port
?
)
* **Community:** Coraza WAF is a community project, and all ideas will be considered
### Roadmap
* New rule language
* GraphQL body processor
* C exports
* WASM scripts support
## Coraza WAF implementations
* [Caddy Plugin (Reverse Proxy and Web Server)]( “Caddy Plugin (Reverse Proxy and Web Server)” ) (Stable)
* [Traefik Plugin (Reverse Proxy and Web Server)]( “Traefik Plugin (Reverse Proxy and Web Server)” ) (preview)
* [Gin ]( “Gin” )[Middleware]( “Middleware” ) (Web Framework) (Preview)
* [Buffalo Plugin (Web Framework)]( “Buffalo Plugin (Web Framework)” ) (soon)
* [Coraza Server (HAPROXY, REST and GRPC)]( “Coraza Server (HAPROXY, REST and GRPC)” ) (experimental)
* [Apache httpd]( “Apache httpd” ) (experimental)
* [Nginx]( “Nginx” ) (soon)
* [Coraza C Exports]( “Coraza C Exports” ) (experimental)
## Some useful tools
* [Go FTW]( “Go FTW” ): rule testing engine
* [Coraza Playground]( “Coraza Playground” ): rule testing sandbox with web interface
* [OWASP Core Ruleset]( “OWASP Core Ruleset” ): Awesome rule set, compatible with Coraza
## Troubleshooting
**Dependency issues**:
go get: github.com/jptosso/coraza-waf/[email protected]: parsing go.mod:
module declares its path as: github.com/corazawaf/coraza/v2
but was required as: github.com/jptosso/coraza-waf/v2
Coraza was migrated from github.com/jptosso/coraza-waf to github.com/corazawaf/coraza. Most dependencies has already been updated to use the new repo, but you must make sure they all use v2.0.0-rc.3+. You may use the following command to fix the error:
go get -u github.com/corazawaf/coraza/[email protected]
## How to contribute
Contributions are welcome. There are many TODOs, functionalities, fixes, bug reports, and any help you can provide. Just send your PR.
cd /path/to/coraza
egrep -Rin “TODO|FIXME” -R –exclude-dir=vendor *
## Special thanks
* Modsecurity team for creating ModSecurity
* OWASP Coreruleset team for the CRS and their help
### Companies using Coraza
* [Babiel]( “Babiel” ) (supporter)
### Author on Twitter
* [@jptosso]( “@jptosso” )
## Donations
For donations, see [Donations site]( “Donations site” )
**[Download Coraza]( “Download Coraza” )**Read More
References
Back to Main