Skip to content

A Minimalistic Web Application Firewall for your purposes in NodeJS servers.

License

Notifications You must be signed in to change notification settings

MurylloEx/Mini-WAF

Repository files navigation

Mini WAF

Getting started into Mini-WAF!

A Minimalistic Web Application Firewall for your purposes in NodeJS servers. It will protect your servers against XSS, XSRF, DOS, LFI, SQL Injection, Unauthorized Remote Access, Unhandled Exceptions and Botnets attacks. Mini-WAF is a Minimalistic Web Application Firewall that avoid and block several attacks in HTTP and HTTPS protocols with a great support to IPv4 and IPv6.

Installation

You must run the following terminal command in same path of your project.

npm install mini-waf --save

First use of Mini-WAF with Express

After install Mini-WAF and it's dependencies you need load our middleware with an initialized object that contains all rules, callbacks and properties necessary to protect your application. By default, you can load our own waf config in wafrules module.

const express = require("express");
const app = express();

const Waf = require('mini-waf/wafbase');
const wafrules = require('mini-waf/wafrules');

//Register the middleware of Mini-WAF with standard rules.
app.use(Waf.WafMiddleware(wafrules.DefaultSettings));

//Create your routes in your way!
app.use((req, res) => {
  //Do your work in anywhere.
  res.send('Some data...');
  res.end();
});

app.listen(55100, function () {
  console.log("Running server on port 55100!");
});

Mini-WAF blocking Denial of Service attacks

With custom rules we can block specified methods for specific IPs or User-Agents, and also for specific routes just creating a simple DACL object and adding it to our rule.

Dacls: [
  {
    NetworkLayers: Waf.WAF_NETWORK_LAYER.PROTOCOL_IPV4,
    MatchTypes: Waf.WAF_MATCH_TYPE.MATCH_METHOD_TYPE,
    ManageType: Waf.WAF_MANAGE_TYPE.BLOCK,
    Directions: Waf.WAF_RULE_DIRECTION.INBOUND,
    MethodTypes: "GET|POST|PUT|DELETE|PATCH",
    Description: 'Blocking GET, POST, PUT, DELETE, PATCH request methods.'
  }
]

Also, block unauthorized access is very easy.

Dacls: [
  {
    NetworkLayers: Waf.WAF_NETWORK_LAYER.PROTOCOL_IPV4,
    MatchTypes: Waf.WAF_MATCH_TYPE.MATCH_IP,
    ManageType: Waf.WAF_MANAGE_TYPE.BLOCK,
    Directions: Waf.WAF_RULE_DIRECTION.INBOUND,
    Ipv4Address: '206.189.180.4',
    Description: 'Blocking a specific IP address.'
  }
]

Log of attacks

About

A Minimalistic Web Application Firewall for your purposes in NodeJS servers.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published