Mini WAF
Getting started into Mini-WAF!
A Minimalistic Web Application Firewall for your purposes in NodeJS servers. It will protect your servers against XSS, XSRF, DOS, LFI, SQL Injection, Unauthorized Remote Access, Unhandled Exceptions and Botnets attacks. Mini-WAF is a Minimalistic Web Application Firewall that avoid and block several attacks in HTTP and HTTPS protocols with a great support to IPv4 and IPv6.
Installation
You must run the following terminal command in same path of your project.
npm install mini-waf --save
First use of Mini-WAF with Express
After install Mini-WAF and it's dependencies you need load our middleware with an initialized object that contains all rules, callbacks and properties necessary to protect your application. By default, you can load our own waf config in wafrules module.
const express = ;const app = ; const Waf = ;const wafrules = ; //Register the middleware of Mini-WAF with standard rules.app; //Create your routes in your way!app; app;
Mini-WAF blocking Denial of Service attacks
With custom rules we can block specified methods for specific IPs or User-Agents, and also for specific routes just creating a simple DACL object and adding it to our rule.
Dacls: NetworkLayers: WafWAF_NETWORK_LAYERPROTOCOL_IPV4 MatchTypes: WafWAF_MATCH_TYPEMATCH_METHOD_TYPE ManageType: WafWAF_MANAGE_TYPEBLOCK Directions: WafWAF_RULE_DIRECTIONINBOUND MethodTypes: "GET|POST|PUT|DELETE|PATCH" Description: 'Blocking GET, POST, PUT, DELETE, PATCH request methods.'
Also, block unauthorized access is very easy.
Dacls: NetworkLayers: WafWAF_NETWORK_LAYERPROTOCOL_IPV4 MatchTypes: WafWAF_MATCH_TYPEMATCH_IP ManageType: WafWAF_MANAGE_TYPEBLOCK Directions: WafWAF_RULE_DIRECTIONINBOUND Ipv4Address: '206.189.180.4' Description: 'Blocking a specific IP address.'
Log of attacks