Raptor WAF v0.2 - Web Application Firewall using DFA
Raptor WAF is a simple web application firewall written in C, following the KISS principle. It polls sockets with select(), which is not as fast as epoll() on Linux or kqueue() on *BSD but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path traversal.
No more words, look at the following:
WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend against SQL injection and XSS...
- Raptor can block XSS, SQL injection and path traversal attacks
- You can block specific clients with an IP blacklist at config/blacklist ip.txt
- Communications can use both IPv4 and IPv6
- Planned: DoS protection, request rate limiting, a rule interpreter and malware detection on uploads
- Planned: SSL/TLS...
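As an added example (not Raptor's own code), here is the kind of table-driven DFA matcher that a match engine like the one described above relies on: each signature is compiled into a state table with the classic KMP construction, the request bytes drive the automaton in a single pass with no backtracking, and input is lowercased so case variants such as `<SCRIPT` still hit. The rule names, the three patterns and the sample request lines are constructed illustrations, not Raptor's real signatures or captured traffic.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ALPHA  256          /* one column per input byte */
#define MAXPAT 32           /* longest signature we compile */

/* One compiled signature: delta[state][byte] -> next state.
 * State `len` is the accepting state (whole pattern seen). */
typedef struct {
    const char *rule;                  /* rule name reported on a hit */
    const char *pat;                   /* lowercase pattern */
    int len;
    int delta[MAXPAT + 1][ALPHA];
} dfa_t;

/* Compile a pattern into a DFA (KMP construction): on a mismatch in
 * state j we land wherever the restart state x would have landed. */
static void dfa_build(dfa_t *d, const char *rule, const char *pat) {
    d->rule = rule;
    d->pat = pat;
    d->len = (int)strlen(pat);
    if (d->len < 1 || d->len > MAXPAT) { d->len = 0; return; }   /* unusable pattern: never fires */
    int x = 0;
    for (int c = 0; c < ALPHA; c++) d->delta[0][c] = 0;
    d->delta[0][(unsigned char)pat[0]] = 1;
    for (int j = 1; j < d->len; j++) {
        for (int c = 0; c < ALPHA; c++) d->delta[j][c] = d->delta[x][c];
        d->delta[j][(unsigned char)pat[j]] = j + 1;
        x = d->delta[x][(unsigned char)pat[j]];
    }
    for (int c = 0; c < ALPHA; c++) d->delta[d->len][c] = d->len;   /* accepting state is sticky */
}

/* Feed the input through the automaton; returns 1 on a hit and sets *off
 * to where the pattern starts. Bytes are lowercased before the lookup. */
static int dfa_scan(const dfa_t *d, const char *in, size_t n, size_t *off) {
    if (d->len == 0) return 0;
    int s = 0;
    for (size_t i = 0; i < n; i++) {
        s = d->delta[s][tolower((unsigned char)in[i])];
        if (s == d->len) {
            if (off) *off = i + 1 - (size_t)d->len;
            return 1;
        }
    }
    return 0;
}

/* Constructed rule set for illustration only. */
static const struct { const char *rule, *pat; } SIGS[] = {
    { "xss",       "<script"      },
    { "sqli",      "union select" },
    { "traversal", "../"          },
};
#define NSIGS (sizeof SIGS / sizeof SIGS[0])

static dfa_t g_dfas[NSIGS];
static int   g_built;

/* Return the name of the first rule that fires on a request line, or NULL if clean. */
const char *waf_check(const char *request) {
    if (!g_built) {
        for (size_t i = 0; i < NSIGS; i++) dfa_build(&g_dfas[i], SIGS[i].rule, SIGS[i].pat);
        g_built = 1;
    }
    size_t n = strlen(request);
    for (size_t i = 0; i < NSIGS; i++)
        if (dfa_scan(&g_dfas[i], request, n, NULL)) return g_dfas[i].rule;
    return NULL;
}

int main(void) {
    /* Constructed sample request lines, not captured traffic. */
    const char *samples[] = {
        "GET /index.php?id=1 HTTP/1.1",
        "GET /test.php?q=<SCRIPT>alert(1)</script> HTTP/1.1",
        "GET /item.php?id=1 UNION SELECT name,pass FROM users HTTP/1.1",
        "GET /files/../../etc/passwd HTTP/1.1",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *hit = waf_check(samples[i]);
        printf("%-62s -> %s\n", samples[i], hit ? hit : "allow");
    }
    return 0;
}
```

The tables cost 33 x 256 ints per signature, which is the trade the DFA makes: memory up front for a scan that touches every request byte exactly once, regardless of how many rules are loaded or how adversarial the input is.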
To run:
$ git clone https://github.com/CoolerVoid/raptor_waf
$ cd raptor_waf; make; bin/raptor
Example
Start an HTTPd server on port 80, then:
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
You can test at http://localhost:8883/test.php
See the docs:
https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf
Tests:
Of 509 attacks, 349 were detected and blocked (68% of attacks blocked)
Steps to create your WAF (web application firewall) in C
Following the definition (as in OWASP), a WAF is a piece of software intended to protect a web app at the application level. Nowadays a WAF is not defined by the web app: it is not a customized solution specific to that application but, similarly to a general software firewall, one that contains parameters to protect against intrusion across a wide variety of frameworks and codebases.
To clear your mind: there is overlap between the different types of firewalls. Software and hardware firewalls are used in their own right to protect networks. However, WAFs, with their specialized function for web applications, can take the form of either of those two main types. By default, a firewall uses a blacklist, protecting against individual, previously logged attacks. Additionally, it can also use a whitelist, defining the allowed users and instances of interaction with the application. Another function is blocking SQL injection and XSS attacks...
In another context, WAFs can create random tokens and put them in forms to try to block web robots and automated attacks; this practice can help mitigate CSRF pitfalls.
Before you ask "How can I do it?", I have to bring you some principles, the theory around the facts...
There are two common kinds of WAF:
1- One uses a plugin in the HTTPd to get the request data (INPUT or OUTPUT); before the request finishes, it inspects the content and blocks some of it. This approach focuses on the HTTP methods POST, GET...
2- The other, my favorite, is an independent reverse proxy server: all client requests arrive at the proxy, the proxy analyses the content, and if it is not blocked, it sends all the information on to the external server...
Number one is a cold path: it is not fully portable... another bad thing is that you need to create a different plugin for each HTTPd, one for Apache, another for NGINX, IIS, lighttpd... it's not cool! If you are not a good low-level programmer you can try using Python's Twisted; it is easy to make a reverse proxy with it, but it is not a good way, because it does not have good performance in production... if that pisses you off, study Stevens' book on sockets.
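The second architecture, as an added example that is not Raptor's code: one pass of a select()-based reverse-proxy loop in C. It waits until the client socket is readable, reads the request, runs an inspection hook, and either forwards the bytes to the upstream server or answers the client with a 403. The inspection hook (`inspect_request`) is a constructed stand-in with one crude string check, where the real match engine would sit; socketpair() stands in for the client and upstream TCP connections so the demo runs offline, and the `demo`/`demo_last_output` helpers and the sample requests are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>

#define BUFSZ 4096

/* Inspection hook: constructed stand-in for the match engine (one crude rule). */
static int inspect_request(const char *buf) {
    return strstr(buf, "../") != NULL;          /* 1 = block */
}

static const char DENY[] = "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n";

/* One pass of the proxy loop: wait in select() until the client side is
 * readable, read the request, inspect it, then forward it upstream or
 * answer 403 to the client. Returns 1 forwarded, 0 blocked, -1 error/timeout. */
int relay_once(int client_fd, int upstream_fd, int timeout_ms) {
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(client_fd, &rfds);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    if (select(client_fd + 1, &rfds, NULL, NULL, &tv) <= 0) return -1;

    char buf[BUFSZ];
    ssize_t n = read(client_fd, buf, sizeof buf - 1);
    if (n <= 0) return -1;
    buf[n] = '\0';

    if (inspect_request(buf)) {
        if (write(client_fd, DENY, sizeof DENY - 1) < 0) return -1;
        return 0;
    }
    if (write(upstream_fd, buf, (size_t)n) < 0) return -1;
    return 1;
}

static char g_last[BUFSZ];   /* what the far end received in the last demo run */

/* Demo harness: socketpair() replaces real TCP sockets so this runs offline.
 * cli[0] = browser, cli[1] = proxy's client-facing socket,
 * up[0]  = proxy's upstream-facing socket, up[1] = web server.
 * Returns relay_once()'s verdict; g_last holds either the bytes the
 * upstream received or the reply the client got back. */
int demo(const char *request) {
    int cli[2], up[2], rc = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, cli) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, up) < 0) { close(cli[0]); close(cli[1]); return -1; }
    g_last[0] = '\0';
    if (write(cli[0], request, strlen(request)) == (ssize_t)strlen(request)) {
        rc = relay_once(cli[1], up[0], 1000);
        if (rc >= 0) {
            int src = (rc == 1) ? up[1] : cli[0];    /* upstream's inbox, or the client's reply */
            ssize_t n = read(src, g_last, sizeof g_last - 1);
            g_last[n > 0 ? n : 0] = '\0';
        }
    }
    close(cli[0]); close(cli[1]); close(up[0]); close(up[1]);
    return rc;
}

const char *demo_last_output(void) { return g_last; }

int main(void) {
    /* Constructed requests, not captured traffic. */
    const char *clean = "GET /index.php HTTP/1.1\r\nHost: localhost\r\n\r\n";
    const char *bad   = "GET /files/../../etc/passwd HTTP/1.1\r\nHost: localhost\r\n\r\n";
    printf("clean -> %s\n", demo(clean) == 1 ? "forwarded upstream" : "blocked");
    printf("bad   -> %s\n", demo(bad) == 0 ? "blocked, client got 403" : "forwarded");
    return 0;
}
```

A production loop would keep every client and upstream descriptor in the fd_set, loop over select() results, and relay in both directions; this single pass is the part that matters for the WAF: the inspection happens on the proxy before any byte reaches the real server, which is exactly why this design is portable across HTTPds.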
It's OK, the title of this post is "create WAF in C". The task is fully done here, commented and with some documentation in LaTeX... relax, you can get it in this repository: https://github.com/CoolerVoid/raptor_waf