{"id":40992218,"url":"https://github.com/thegodenage/waffle","last_synced_at":"2026-01-22T07:41:18.820Z","repository":{"id":225282269,"uuid":"751306398","full_name":"thegodenage/waffle","owner":"thegodenage","description":"Web Application Firewall, made in go.","archived":false,"fork":false,"pushed_at":"2024-10-30T06:45:08.000Z","size":10584,"stargazers_count":91,"open_issues_count":8,"forks_count":11,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-10-30T18:47:19.353Z","etag":null,"topics":["ddos","ddos-protection","golang","hacktoberfest","open-source","security","waf"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thegodenage.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-01T10:49:10.000Z","updated_at":"2024-10-30T11:45:16.000Z","dependencies_parsed_at":"2024-10-30T18:57:21.526Z","dependency_job_id":null,"html_url":"https://github.com/thegodenage/waffle","commit_stats":null,"previous_names":["cebilon123/waffle","thegodenage/waffle"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/thegodenage/waffle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thegodenage%2Fwaffle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thegodenage%2Fwaffle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thegodenage%2Fwaffle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thegodenage%2Fwaffle/manifests","owner_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thegodenage","download_url":"https://codeload.github.com/thegodenage/waffle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thegodenage%2Fwaffle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28658151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T01:17:37.254Z","status":"online","status_checked_at":"2026-01-22T02:00:07.137Z","response_time":144,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ddos","ddos-protection","golang","hacktoberfest","open-source","security","waf"],"created_at":"2026-01-22T07:41:18.195Z","updated_at":"2026-01-22T07:41:18.812Z","avatar_url":"https://github.com/thegodenage.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 style=\"text-align: center\" align=\"center\"\u003eWAFFLE\u003c/h1\u003e\n\n[//]: # (We have a discord, come and join :)\n\n[//]: # (https://discord.gg/kNfZzCx7se)\n\n\u003cdiv align=\"center\"\u003e\n\n\n  \u003cimg src=\"readme/gifs/logo.gif\" alt=\"drawing\" width=\"400\" class=\"logo\"/\u003e\n\n\n\u003c/div\u003e\n\n---\n\n[//]: # (the problem)\n\u003ch1\u003e❗ The problem \u003c/h1\u003e\n\u003cdiv style=\"display: flex; justify-content: space-between\"\u003e\n    \u003cp style=\"width: 30%\"\u003e\n        Imagine, that you are a user who wants to play a game, or use a website 
on a remote server, but something isn't right,\n        the connection is so slow, and you don't know why. You are probably mad, because you can't watch your favorite\n        cat videos and images. Anime is out of your reach as well, you are thinking about eating pizza from tasty \u003cb\u003eDa Grasso\u003c/b\u003e 🐴\n        to make your day just a little bit better and better.\n    \u003c/p\u003e\n    \u003cdiv align=\"center\"\u003e\n        \u003cimg src=\"readme/gifs/ddos_attack.gif\" alt=\"drawing\" width=\"500\" class=\"logo\"/\u003e\n    \u003c/div\u003e\n\u003c/div\u003e\n\n---\n\n[//]: # (the solution)\n\u003ch1 style=\"text-align: right\"\u003e💚 The solution\u003c/h1\u003e\n\n\n\u003cdiv style=\"display: flex; justify-content: space-between\"\u003e\n    \u003cdiv align=\"center\"\u003e\n        \u003cimg src=\"readme/gifs/ddos_defence.gif\" alt=\"drawing\" width=\"500\" class=\"logo\"/\u003e\n    \u003c/div\u003e\n    \u003cp style=\"width: 30%\"\u003e\n        You wrote to the website administrator to use \u003cb\u003eWaffle\u003c/b\u003e, the \u003cb\u003eopen-source\u003c/b\u003e DDOS protector, the reverse\n        proxy of the future, the strongest defense of all, and it's free (and not nearly done at all)! \n    \u003c/p\u003e\n\u003c/div\u003e\n\n## Documentation\nThis is the GitHub wiki-based documentation of the project (in progress):\n- [Documentation](https://github.com/cebilon123/waffle/wiki/Documentation)\n\n## Introduction\nYou probably know about Cloudflare (everyone does), but it is a partially paid solution. 
As the open source community\nwe are missing a real modular and open source **Web Application Firewall** that could be used in place of CF.\nThe project is huge, so we are looking for contributors.\n\n## How to run / Develop ?\n\n### Prerequisites \n+ Go 1.22+\n+ golangci-lint\n+ [Npcap](https://npcap.com/) (windows)\n+ make (if windows, try using chocolatey)\n+ openssl (if windows, try using git bash)\n+ [mockery](https://vektra.github.io/mockery/latest/installation/) \n\n1. Create certificates and the FS embed Go file provider: `make certs_windows`\n[//]: # (2. Execute `docker compose up -d` to create needed infrastructure)\n2. Set environment variables before running the proxy:\n\n### Generate certificates\nExecute `make certs_windows` and go through the process. It should create certs in the `.cert` directory.\n\n### Next steps\n\n\u003e \\[!IMPORTANT]\n\u003e\n\u003e\n\u003e\n\u003e Currently, the project can only be used with Go installed locally, but there is a plan to create usable binaries.\n\n**How to run binaries?**\nCurrently there are 3 binaries: \n- collector\n- proxy\n- tcpproxy (partially done)\n\nThe proxy is the core binary, which is kind of usable; to run it, execute:\n`go run ./cmd/proxy/main.go`\n\nRemember to add a valid config to the `./cmd/proxy/config.yml` file; it looks something like this:\n```yaml\ndns:\n  - host: \"google.localhost:8080\"\n    address: \"https://google.com\"\n  - host: \"100commitow.localhost:8080\"\n    address: \"https://100commitow.pl\"\n\nrules:\n  custom:\n    - name: \"request payload must contain at least one character and should contain at least one header\"\n      predicate: \"p =\u003e LEN(p.payload) \u003e 0 \u0026\u0026 LEN(p.headers) \u003e 0\"\n    - name: \"payload must be a json\"\n      predicate: \"p =\u003e FORMAT(p.payload) == 'json'\"\n```\n\n## Planned features / Architecture\nTo be honest, I'm learning how to write a WAF from scratch, so this part will be updated after a while. 
\n\n- [X] XSS protection (HTML + we can take a look at SQL injection)\n- [ ] DDOS protection\n\n## What I have learned?\n- Neovim\n- DDOS protection\n- XSS / SQLi protection\n\n# Contribution\n### What do I need to know to help?\nIf you are looking to help with a code contribution, our project uses **Go, k8s.** \n\n### How can I do that?\n\nNever made an open source contribution before? Wondering how contributions work in our project? Here's a quick rundown!\n\nFind an issue that you are interested in addressing or a feature that you would like to add.\n\nFork the repository associated with the issue to your local GitHub organization. This means that you will have a copy of the repository under your-GitHub-username/repository-name.\n\nClone the repository to your local machine using git clone. \n\nCreate a new branch for your fix using git checkout -b branch-name-here.\n\nMake the appropriate changes for the issue you are trying to address or the feature that you want to add.\n\nUse git add insert-paths-of-changed-files-here to add the file contents of the changed files to the \"snapshot\" git uses to manage the state of the project, also known as the index.\n\nUse git commit -m \"Insert a short message of the changes made here\" to store the contents of the index with a descriptive message.\n\nPush the changes to the remote repository using git push origin branch-name-here.\n\nSubmit a pull request to the upstream repository.\n\nTitle the pull request with a short description of the changes made and the issue or bug number associated with your change. For example, you can title an issue like so \"Added more log outputting to resolve #4352\".\n\nIn the description of the pull request, explain the changes that you made, any issues you think exist with the pull request you made, and any questions you have for the maintainer. 
It's OK if your pull request is not perfect (no pull request is), the reviewer will be able to help you fix any problems and improve it!\n\nWait for the pull request to be reviewed by a maintainer.\n\nMake changes to the pull request if the reviewing maintainer recommends them.\n\nCelebrate your success after your pull request is merged! 🚀\n\nWhere can I go for help?\nIf you need help, you can ask questions on our Discord: https://discord.gg/33azuUWnm4\n\nWhat does the Code of Conduct mean for me?\n\n\u003e Our Code of Conduct means that you are responsible for treating everyone on the project with respect and courtesy regardless of their identity. If you are the victim of any inappropriate behavior or comments as described in our Code of Conduct, we are here for you and will do our best to ensure that the abuser is reprimanded appropriately, per our code.\n\n\u003e HTML injections are attacks against the HTML tokenization algorithm, examples:\n![img.png](readme/html_injection_Samples.png)\n\u003e Basically, we need to tokenize input and check attributes and tags against a set of rules\n\nLinks:\n+ [A Comprehensive Examination of Cloudflare's IP-based Distributed Denial of Service Mitigation](https://www.researchgate.net/publication/375238537_A_Comprehensive_Examination_of_Cloudflare%27s_IP-based_Distributed_Denial_of_Service_Mitigation)\n+ [A Brief Study on The Evolution of Next Generation Firewall and Web Application Firewall](https://www.researchgate.net/publication/351637754_A_Brief_Study_on_The_Evolution_of_Next_Generation_Firewall_and_Web_Application_Firewall)\n+ [SWAP: Mitigating XSS Attacks using a Reverse Proxy](https://sites.cs.ucsb.edu/~chris/research/doc/sess09_swap.pdf)\n+ 
![img.png](readme/img.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthegodenage%2Fwaffle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthegodenage%2Fwaffle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthegodenage%2Fwaffle/lists"}