A modern web application firewall (WAF) management system built on top of HAProxy and OWASP Coraza WAF with the Coraza SPOA integration. This system provides a comprehensive backend API for managing HAProxy configurations, Coraza WAF rules, and traffic inspection.
Run the application in less than 30 seconds. Default username: `admin`, default password: `admin123`.
Simple WAF implements a modular architecture with HAProxy at the front handling traffic and Coraza WAF providing security inspection through SPOE (Stream Processing Offload Engine):
```mermaid
graph TD
    Client[Client] -->|HTTP Request| HAProxy
    HAProxy -->|TCP Connection| SPOE[Coraza SPOE Agent]
    SPOE -->|Message Type Recognition| TypeCheck
    TypeCheck -->|coraza-req| ReqHandler[Request Handler]
    TypeCheck -->|coraza-res| ResHandler[Response Handler]
    ReqHandler -->|Get App Name| ReqApp[Find Application]
    ResHandler -->|Get App Name| ResApp[Find Application]
    ReqApp -->|Process Request| ReqProcess[Request Processor]
    ResApp -->|Process Response| ResProcess[Response Processor]
    ReqProcess --> Return[Return Results to HAProxy]
    ResProcess --> Return
    HAProxy -->|Apply Action| Action[Allow/Deny/Log]
    Action -->|Response| Client
```
The request path through the SPOE agent, step by step:

```text
[HAProxy Request] → [internal.Agent.Serve(Listener)]
        ↓
Create spop.Agent
    agent := spop.Agent{
        Handler:     a,
        BaseContext: a.Context,
    }
        ↓
[spop.Agent.Serve(Listener)]
        ↓
Accept new connections
    nc, err := l.Accept()
        ↓
Create protocol handler
    p := newProtocolClient(ctx, nc, as, handler)
        ↓
Start goroutine for connection
    go func() {
        p.Serve()
    }()
        ↓
[protocolClient.Serve]
Process frames in connection
        ↓
[frameHandler processes Frame]
Dispatch based on frame type
        ↓
[onNotify handles messages]
Create message scanner and objects
Call Handler.HandleSPOE
        ↓
[internal.Agent.HandleSPOE processing]
        ↓
Parse message type (coraza-req/coraza-res)
        ↓
Get application name
        ↓
Find Application
        ↓
Execute message handler
        ↓
Process return results
        ↓
[Return to HAProxy]
```
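The dispatch stage of that flow (parse message type, find the application by name, run its handler, hand a verdict back) as an added, self-contained Go example; it is not the project's own code, and the `Action`, `Application`, `Agent` types and the "demo" application policy are constructed for illustration. It assumes the agent should fail closed (deny) when the message type or the application name is unknown.

```go
package main

import "errors"

// Action is the verdict handed back to HAProxy (constructed for this example).
type Action string

const Allow Action = "allow"
const Deny Action = "deny"

// Application is a hypothetical per-app inspector, looked up by the app name HAProxy sends.
type Application struct {
	HandleRequest  func(args map[string]string) Action
	HandleResponse func(args map[string]string) Action
}

// Agent holds the registered applications and dispatches SPOE messages to them.
type Agent struct{ apps map[string]*Application }

var ErrUnknownMessage = errors.New("unknown spoe message type")
var ErrUnknownApp = errors.New("unknown application")

// HandleSPOE mirrors the README flow: recognise the message type, find the application,
// run its handler. It fails closed (Deny) on either lookup miss, an assumption made here
// so that a misconfigured frontend never bypasses inspection.
func (a *Agent) HandleSPOE(msgType string, args map[string]string) (Action, error) {
	app, ok := a.apps[args["app"]]
	if !ok {
		return Deny, ErrUnknownApp
	}
	switch msgType {
	case "coraza-req":
		return app.HandleRequest(args), nil
	case "coraza-res":
		return app.HandleResponse(args), nil
	}
	return Deny, ErrUnknownMessage
}

// NewDemoAgent registers one constructed application named "demo".
func NewDemoAgent() *Agent {
	demo := &Application{
		// Constructed policy: only GET, HEAD and POST requests are allowed.
		HandleRequest: func(args map[string]string) Action {
			if m := args["method"]; m == "GET" || m == "HEAD" || m == "POST" {
				return Allow
			}
			return Deny
		},
		HandleResponse: func(map[string]string) Action { return Allow },
	}
	return &Agent{apps: map[string]*Application{"demo": demo}}
}
```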
- HAProxy Integration
  - Full HAProxy lifecycle management (start, stop, restart)
  - Dynamic configuration generation
  - Real-time status monitoring
- Coraza WAF Integration
  - OWASP Core Rule Set (CRS) support
  - ModSecurity SecLang rule compatibility
  - Custom rule management
  - WAF engine lifecycle management
- Advanced Security
  - HTTP request inspection
  - HTTP response inspection
  - Real-time attack detection and prevention
  - RBAC user permission system
- Monitoring and Logging
  - WAF attack logs and analytics
  - Traffic statistics
  - Performance metrics
- API-Driven Workflow
  - RESTful API with Gin framework
  - Swagger/ReDoc API documentation
  - JWT authentication
- Go 1.24.1 or higher
- Node.js 23.10.0 and pnpm 10.6.5 (for frontend development)
- HAProxy 3.0 (for local development)
- MongoDB 6.0
- Docker and Docker Compose (for containerized deployment)
- Clone the repository:

  ```bash
  git clone https://github.com/HUAHUAI23/simple-waf.git
  cd simple-waf
  ```

- Set up the frontend development environment:

  ```bash
  cd server/web
  pnpm install
  pnpm dev   # For development mode with hot reload
  # or
  pnpm build # For production build
  cd ../..
  ```

- Configure the backend environment:

  ```bash
  cp server/.env.template server/.env
  # Edit .env with your configurations
  ```

- Run the Go backend service:

  ```bash
  go work use ./coraza-spoa ./pkg ./server
  cd server
  go run main.go
  ```
The development server will start with:

- API server: http://localhost:2333/api/v1
- Swagger UI: http://localhost:2333/swagger/index.html
- ReDoc UI: http://localhost:2333/redoc
- Frontend: http://localhost:2333/
- Clone the repository:

  ```bash
  git clone https://github.com/HUAHUAI23/simple-waf.git
  cd simple-waf
  ```

- Build the Docker image:

  ```bash
  docker build -t simple-waf:latest .
  ```

- Run as a standalone container:

  ```bash
  docker run -p 2333:2333 -p 8080:8080 -p 443:443 -p 80:80 -p 9443:9443 -p 8404:8404 simple-waf:latest
  ```

- Alternatively, use Docker Compose for a complete deployment with MongoDB:

  ```bash
  # Edit docker-compose.yaml to configure environment variables if needed
  docker-compose up -d
  ```
This will start both MongoDB and Simple WAF services with all required configurations.
This project is licensed under the MIT License - see the LICENSE file for details.