{"id":26063254,"url":"https://github.com/edgio/waflz","last_synced_at":"2025-08-02T13:05:46.051Z","repository":{"id":37052061,"uuid":"136430151","full_name":"Edgio/waflz","owner":"Edgio","description":"multitenant ModSecurity compatible WAF engine from Edgio","archived":false,"fork":false,"pushed_at":"2024-12-16T22:52:09.000Z","size":49204,"stargazers_count":88,"open_issues_count":2,"forks_count":28,"subscribers_count":22,"default_branch":"master","last_synced_at":"2025-05-26T06:09:46.632Z","etag":null,"topics":["modsecurity","waf"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Edgio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-2.0.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-07T06:09:10.000Z","updated_at":"2025-05-15T07:23:47.000Z","dependencies_parsed_at":"2024-12-17T00:03:11.827Z","dependency_job_id":null,"html_url":"https://github.com/Edgio/waflz","commit_stats":null,"previous_names":[],"tags_count":59,"template":false,"template_full_name":null,"purl":"pkg:github/Edgio/waflz","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Edgio%2Fwaflz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Edgio%2Fwaflz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Edgio%2Fwaflz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Edgio%2Fwaflz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Edgio","download_url":"https://codeload.github.com/Edgio/waflz/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Edgio%2Fwaflz/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268393861,"owners_count":24243314,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["modsecurity","waf"],"created_at":"2025-03-08T16:34:25.148Z","updated_at":"2025-08-02T13:05:45.904Z","avatar_url":"https://github.com/Edgio.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"![waflz-ci](https://github.com/edgio/waflz/workflows/waflz-ci/badge.svg)\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"/docs/_images/waflz_white.svg\" title=\"waflz\" width=\"200\"/\u003e\n\u003c/p\u003e\n\n# waflz\n\u003e _A multitenant ModSecurity compatible WAF engine. [Docs](https://edgio.github.io/waflz/ \"waflz docs\")_\n\n## Table of Contents\n\n- [Background](#background)\n- [Install](#install)\n- [Usage](#usage)\n- [Contribute](#contribute)\n- [License](#license)\n\n## Background\nAn implementation of a WAF engine in c/c++ supporting processing a subset of ModSecurity rules functionalties, configurable with either json or ModSecurity rules.  waflz is optimized to support running many WAF profiles side by side, by using [faster](https://github.com/edgio/waflz/blob/master/src/op/nms.h \"IP tree\")/[smaller](https://github.com/edgio/waflz/blob/master/src/op/ac.h \"Aho–Corasick\") internal data types and sharing common ruleset data between the profiles -ie if multiple WAF profiles refer to the same ruleset(s), the ruleset(s) are loaded only once for all and shared in memory.\n\n### Rationale\nThe Edgio global edge platform is a multitenant CDN supporting our hundreds of thousands individual customer configurations from any given location.  The Edgio WAF supports running OWASP Core Rulesets as well as some third-party rulesets.  The performance and resource allocation of any given customer configuration has the potential of impacting others -ie eventually all configurations live in memory on a physical server in a \"Point of Presence\" (POP) in a datacenter.  It was important then to the Edgio CDN the WAF be as high performant, memory constrained, and deterministic as possible.\n\n### Capabilities\nThe open source standard implementation of the [ModSecurity Rules Engine](https://github.com/SpiderLabs/ModSecurity \"ModSecurity\") -while excellent, and extremely flexible for individuals' use-cases, could be problematic in a CDN, where performance is the product.  Several ModSecurity capabilities eg [SecRemoteRules](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecRemoteRules \"SecRemoteRules\") and [inspectFile](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#inspectFile \"inspectFile\"), were intentionally ommitted, due to potential performance impacts in a multitenant environment.  A list of currently supported variables, operators and transforms are listed in the [capabilities section of the docs](https://edgio.github.io/waflz/capabilities \"waflz capabilities\")\n\n\n## Install\n\n### Building\n\n#### Ubuntu (18.04/20.04)\n\n##### Package Requirements\n\n```sh\n$ sudo apt-get install -y libssl-dev libpcre3-dev libxml2-dev libicu-dev protobuf-compiler libprotobuf-dev liblzma-dev python3-pip\n```\n\n##### Python Package Requirements\n```sh\n$ pip3 install -r requirements.txt\n```\n\n##### Build\nThis script will build, run tests, and create packages\n\n```sh\n$ ./build.sh\n```\n\n##### Install (optional)\n```sh\ncd ./build\nsudo make install\n```\n\n#### OS X\n\n##### Package Requirements (with Homebrew)\n```sh\n$ brew install cmake openssl protobuf libxml2 pcre dpkg rapidjson jq\n```\n\n##### Python Package Requirements\n```sh\n$ pip3 install -r requirements.txt\n```\n\n##### Build\n```sh\n$ ./build.sh\n```\n\n### Running Tests\n```sh\n$ cd ./build\n$ make test\n```\n\n### Source Code Layout\nThe waflz root directory contains this README, the build.sh script which automates building/testing/packaging, and other files related to CI/CD.\n\nInside the root are the following important directories:\n\n- `docs`: Contains everything necessary to generate documentation.  Changes should be made inside the source subdirectory.\n- `ext`: External libraries that are compiled and used by waflz\n- `include/waflz`: The core C/C++ header files\n- `proto`: The Protocol Buffer definition files used by waflz\n- `src`: The core C/C++ source files, organized by functionality\n- `sub`: Contains the submodules used by waflz\n- `tests`: Contains the waflz test suite, which includes blackbox, whitebox, and stress testing\n- `util`: Utility applications that are useful for testing and validation of the waflz library\n\n## Usage\n\n### Running standalone waflz_server for testing WAF rules\n\n```sh\n$ cat rule.conf\n  SecRule \u0026REQUEST_HEADERS:Host \"@eq 0\" \\\n        \"phase:2,\\\n        rev:'2',\\\n        ver:'OWASP_CRS/2.2.9',\\\n        t:none,block,\\\n        msg:'Request Missing a Host Header',\\\n        id:'960008',\\\n        severity:'4',\\\n        setvar:'tx.msg=%{rule.msg}',\\\n        setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},\\\n        setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}\"\n\n$ ./build/util/waflz_server/waflz_server --modsecurity=rule.conf\n\n```\n\n### curl'ing waflz_server\n\n```sh\n$ curl -s \"http://localhost:12345/index.html\" -H\"Host:\" | jq '.'\n{\n  \"matched_var\": {\n    \"name\": \"REQUEST_HEADERS\",\n    \"value\": \"MA==\"\n  },\n  \"rule_msg\": \"Inbound Anomaly Score Exceeded (Total Score: 3): Last Matched Message: Request Missing a Host Header\",\n  \"rule_op_name\": \"gt\",\n  \"rule_op_param\": \"0\",\n  \"rule_tag\": [\n    \"OWASP_CRS/ANOMALY/EXCEEDED\"\n  ],\n  \"rule_target\": [\n    {\n      \"name\": \"TX\",\n      \"param\": \"ANOMALY_SCORE\"\n    }\n  ],\n  \"sub_event\": [\n    {\n      \"matched_var\": {\n        \"name\": \"REQUEST_HEADERS\",\n        \"value\": \"MA==\"\n      },\n      \"rule_id\": 960008,\n      \"rule_intercept_status\": 403,\n      \"rule_msg\": \"Request Missing a Host Header\",\n      \"rule_op_name\": \"EQ\",\n      \"rule_op_param\": \"0\",\n      \"rule_target\": [\n        {\n          \"is_counting\": true,\n          \"name\": \"REQUEST_HEADERS\",\n          \"param\": \"Host\"\n        }\n      ],\n      \"total_anomaly_score\": 3,\n      \"waf_profile_id\": \"__na__\",\n      \"waf_profile_name\": \"__na__\"\n    }\n  ],\n  \"total_anomaly_score\": 3,\n  \"waf_profile_id\": \"__na__\",\n  \"waf_profile_name\": \"__na__\"\n}\n```\n\n## Contribute\n\n- We welcome issues, questions and pull requests.\n\n\n## License\n\nThis project is licensed under the terms of the Apache 2.0 open source license. Please refer to the `LICENSE-2.0.txt` file for the full terms.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedgio%2Fwaflz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedgio%2Fwaflz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedgio%2Fwaflz/lists"}