waf

package module
v0.27.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 5, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

README

Go Reference GitHub release (latest SemVer) GitHub go.mod Go version

WAF

[!NOTE] This repository has been transferred from github.com/tigerwill90/foxwaf to github.com/fox-toolkit/waf. Existing users should update their imports and go.mod accordingly.

WAF is an experimental middleware for the Fox router that integrates the Coraza Web Application Firewall (WAF) to enhance the security of your web applications by intercepting and analyzing HTTP requests and responses.

Disclaimer

This middleware is closely tied to the Fox router, and it will only reach v1 when the router is stabilized. During the pre-v1 phase, breaking changes may occur and will be documented in the release notes.

Getting Started

Installation

go get -u github.com/fox-toolkit/waf
Features
  • Enhanced Security: Integrates Coraza WAF to protect your web application from a variety of web attacks.
  • Seamless Integration: Tightly integrates with the Fox ecosystem.
  • Customizable: Allows for custom security rules and configurations to suit specific use cases.
Usage

Here is an example to load OWASP CRS using coraza-coreruleset.

package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"

	coreruleset "github.com/corazawaf/coraza-coreruleset/v4"
	"github.com/corazawaf/coraza/v3"
	"github.com/fox-toolkit/fox"
	"github.com/fox-toolkit/waf"
)

func main() {

	cfg := coraza.NewWAFConfig().
		WithDirectives("Include @coraza.conf-recommended").
		WithDirectives("Include @crs-setup.conf.example").
		WithDirectives("Include @owasp_crs/*.conf").
		WithDirectives("SecRuleEngine On").
		WithRootFS(coreruleset.FS)

	co, err := coraza.NewWAF(cfg)
	if err != nil {
		panic(err)
	}

	f := fox.MustRouter(
		fox.DefaultOptions(),
		fox.WithMiddleware(waf.Middleware(co)),
	)

	f.MustAdd(fox.MethodGet, "/hello/{name}", func(c *fox.Context) {
		_ = c.String(http.StatusOK, fmt.Sprintf("Hello, %s", c.Param("name")))
	})

	if err = http.ListenAndServe(":8080", f); err != nil && !errors.Is(err, http.ErrServerClosed) {
		log.Fatalln(err)
	}
}

curl -sS -D - "http://localhost:8080/hello/fox?path=../foo"
# HTTP/1.1 403 Forbidden
# Date: Mon, 15 Jul 2024 14:52:24 GMT
# Content-Length: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Middleware 

func Middleware(waf coraza.WAF) fox.MiddlewareFunc

Middleware creates a new Fox middleware function using the provided Coraza WAF instance. It intercepts incoming requests and processes them through coraza.WAF before passing them to the next handler.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.