Never Punch Manticores

    mini-waf

    0.4.99 • Public • Published

    Mini WAF

    Getting started into Mini-WAF!

    A Minimalistic Web Application Firewall for your purposes in NodeJS servers. It will protect your servers against XSS, XSRF, DOS, LFI, SQL Injection, Unauthorized Remote Access, Unhandled Exceptions and Botnets attacks. Mini-WAF is a Minimalistic Web Application Firewall that avoid and block several attacks in HTTP and HTTPS protocols with a great support to IPv4 and IPv6.

    Installation

    You must run the following terminal command in same path of your project.

    npm install mini-waf --save
    

    First use of Mini-WAF with Express

    After install Mini-WAF and it's dependencies you need load our middleware with an initialized object that contains all rules, callbacks and properties necessary to protect your application. By default, you can load our own waf config in wafrules module.

     
    const express = require("express");
    const app = express();
     
    const Waf = require('mini-waf/wafbase');
    const wafrules = require('mini-waf/wafrules');
     
    //Register the middleware of Mini-WAF with standard rules.
    app.use(Waf.WafMiddleware(wafrules.DefaultSettings));
     
    //Create your routes in your way!
    app.use((req, res) => {
      //Do your work in anywhere.
      res.send('Some data...');
      res.end();
    });
     
    app.listen(55100, function () {
      console.log("Running server on port 55100!");
    });
     

    Mini-WAF blocking Denial of Service attacks

    With custom rules we can block specified methods for specific IPs or User-Agents, and also for specific routes just creating a simple DACL object and adding it to our rule.

    Dacls: [
      {
        NetworkLayers: Waf.WAF_NETWORK_LAYER.PROTOCOL_IPV4,
        MatchTypes: Waf.WAF_MATCH_TYPE.MATCH_METHOD_TYPE,
        ManageType: Waf.WAF_MANAGE_TYPE.BLOCK,
        Directions: Waf.WAF_RULE_DIRECTION.INBOUND,
        MethodTypes: "GET|POST|PUT|DELETE|PATCH",
        Description: 'Blocking GET, POST, PUT, DELETE, PATCH request methods.'
      }
    ]

    Also, block unauthorized access is very easy.

    Dacls: [
      {
        NetworkLayers: Waf.WAF_NETWORK_LAYER.PROTOCOL_IPV4,
        MatchTypes: Waf.WAF_MATCH_TYPE.MATCH_IP,
        ManageType: Waf.WAF_MANAGE_TYPE.BLOCK,
        Directions: Waf.WAF_RULE_DIRECTION.INBOUND,
        Ipv4Address: '206.189.180.4',
        Description: 'Blocking a specific IP address.'
      }
    ]

    Log of attacks

    Install

    npm i mini-waf

    DownloadsWeekly Downloads

    37

    Version

    0.4.99

    License

    MIT

    Unpacked Size

    132 kB

    Total Files

    9

    Last publish

    Collaborators

    • muryllo.pimenta