{"id":36924114,"url":"https://github.com/mguinness/KestrelWAF","last_synced_at":"2026-01-19T18:00:43.471Z","repository":{"id":41094004,"uuid":"332538317","full_name":"mguinness/KestrelWAF","owner":"mguinness","description":"A basic WAF for the Kestrel web server.","archived":false,"fork":false,"pushed_at":"2024-10-13T22:15:59.000Z","size":70,"stargazers_count":48,"open_issues_count":1,"forks_count":12,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-10-20T10:36:40.559Z","etag":null,"topics":["asp-net-core","geolite2","reverse-proxy","rules-engine","waf"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mguinness.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-01-24T19:35:34.000Z","updated_at":"2025-06-09T23:22:29.000Z","dependencies_parsed_at":"2024-05-12T07:23:35.339Z","dependency_job_id":"ecefa61a-b956-45c2-b038-e0068863c7d7","html_url":"https://github.com/mguinness/KestrelWAF","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mguinness/KestrelWAF","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mguinness%2FKestrelWAF","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mguinness%2FKestrelWAF/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mguinness%2FKestrelWAF/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mguinness%2FKestrelWAF/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mguinness","download_url":"https://codeload.github.com/mguinness/KestrelWAF/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mguinness%2FKestrelWAF/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28578952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T17:42:58.221Z","status":"ssl_error","status_checked_at":"2026-01-19T17:40:54.158Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["asp-net-core","geolite2","reverse-proxy","rules-engine","waf"],"created_at":"2026-01-12T19:00:25.486Z","updated_at":"2026-01-19T18:00:43.462Z","avatar_url":"https://github.com/mguinness.png","language":"C#","funding_links":[],"categories":["C# #"],"sub_categories":[],"readme":" # Kestrel WAF\nA basic WAF for the Kestrel web server.\n\n## Introduction\nA [web application firewall](https://en.wikipedia.org/wiki/Web_application_firewall) is software that monitors and blocks HTTP traffic to a web service.\n\nUsing [Reverse Proxy](https://microsoft.github.io/reverse-proxy/) from Microsoft allows this project to both filter and forward traffic to another server.\n\nThis project is an attempt to implement a rules based WAF using [ASP.NET Core Middleware](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/).\n\n## BRE\n\n[Business rules engine](https://en.wikipedia.org/wiki/Business_rules_engine) is software that executes one or more business rules in a configurable runtime environment.\n\nThis provides flexibility to the end user to define rules to control inbound web traffic with little or no programming experience.\n\n## Setup\n\nThis project uses the [Micro Rule Engine](https://github.com/runxc1/MicroRuleEngine) based on [Expression Trees](https://docs.microsoft.com/en-us/dotnet/csharp/expression-trees).\n\nThat project [README](https://github.com/runxc1/MicroRuleEngine/blob/master/README.md) covers the different kinds of expressions that can be used, so I'd encourage you to read that beforehand.\n\nThe inclusion of a boolean Negate field has been added to that library, allowing the result of a rule to be inverted which provides further versatility.\n\nRules will then be defined and stored in the appsettings.json file using ASP.NET Core [Configuration](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0#bind-hierarchical-configuration-data-using-the-options-pattern) options pattern.\n\nAn instance of the WebRequest class is created for each request which exposes fields like URL, IP address, user agent etc. for the rules engine to interact with.\n\nBelow is a example of different rules that can be defined.  In addition rules may be nested for more complex logic.\n\n```JSON\n\"Configuration\": {\n  \"Ruleset\": {\n    \"Operator\": \"OrElse\",\n    \"Rules\": [\n      {\n        \"MemberName\": \"Path\",\n        \"Operator\": \"EndsWith\",\n        \"Inputs\": [ \".php\" ]\n      },\n      {\n        \"MemberName\": \"UserAgent\",\n        \"Operator\": \"IsMatch\",\n        \"TargetValue\": \"^(curl|java|python)\"\n      },\n      {\n        \"Operator\": \"InSubnet\",\n        \"Inputs\": [ \"192.168.10.0\", 24 ],\n        \"Negate\": true\n      },\n      {\n        \"Operator\": \"IpInFile\",\n        \"Inputs\": [ \"C:\\\\Temp\\\\blocklist.txt\" ]\n      }\n    ]\n  }\n}\n```\n\nWhen a web request is received and processed by the rules, if any of the above match the request will be rejected and will return a 403 Forbidden [status code](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_client_errors).\n\n## GeoLite2\n\nMaxMind provides free [Geolocation data](https://dev.maxmind.com/geoip/geoip2/geolite2/).  Register and download the GeoLite2 database and specify the file location in the settings file.\n\n```JSON\n\"Configuration\": {\n  \"GeoLiteFile\": \"C:\\\\MaxMind\\\\GeoLite2-Country.mmdb\"\n}\n```\n\nYou will be able to lookup the geographic location of any IP address which will allow you to block requests by country if required.\n\n```JSON\n{\n  \"MemberName\": \"IpCountry\",\n  \"Operator\": \"IsInInput\",\n  \"Inputs\": [ \"CN\", \"RU\" ]\n}\n```\n\n## Conclusion\n\nThis is a very simple implementation of a WAF, but as you can see it can be expanded upon very easily.  Any contributions to this project would be welcomed.\n\n## Credits\n\nYARP: A Reverse Proxy\nhttps://github.com/microsoft/reverse-proxy\n\nMicro Rule Engine\nhttps://github.com/runxc1/MicroRuleEngine\n\nMaxMind DB Reader\nhttps://github.com/maxmind/MaxMind-DB-Reader-dotnet\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmguinness%2FKestrelWAF","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmguinness%2FKestrelWAF","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmguinness%2FKestrelWAF/lists"}