Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mguinness/kestrelwaf
A basic WAF for the Kestrel web server.
asp-net-core geolite2 reverse-proxy rules-engine waf
Last synced: 3 days ago
A basic WAF for the Kestrel web server.
- Host: GitHub
- URL: https://github.com/mguinness/kestrelwaf
- Owner: mguinness
- License: mit
- Created: 2021-01-24T19:35:34.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-10-13T22:15:59.000Z (2 months ago)
- Last Synced: 2024-12-12T20:14:42.981Z (10 days ago)
- Topics: asp-net-core, geolite2, reverse-proxy, rules-engine, waf
- Language: C#
- Homepage:
- Size: 68.4 KB
- Stars: 45
- Watchers: 7
- Forks: 12
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Kestrel WAF
A basic WAF for the Kestrel web server.

## Introduction
A [web application firewall](https://en.wikipedia.org/wiki/Web_application_firewall) is software that monitors and blocks HTTP traffic to a web service. Using [Reverse Proxy](https://microsoft.github.io/reverse-proxy/) from Microsoft allows this project to both filter and forward traffic to another server.
This project is an attempt to implement a rules based WAF using [ASP.NET Core Middleware](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/middleware/).
## BRE
A [business rules engine](https://en.wikipedia.org/wiki/Business_rules_engine) is software that executes one or more business rules in a configurable runtime environment.
This gives the end user the flexibility to define rules that control inbound web traffic with little or no programming experience.
## Setup
This project uses the [Micro Rule Engine](https://github.com/runxc1/MicroRuleEngine) based on [Expression Trees](https://docs.microsoft.com/en-us/dotnet/csharp/expression-trees).
That project's [README](https://github.com/runxc1/MicroRuleEngine/blob/master/README.md) covers the different kinds of expressions that can be used, so I'd encourage you to read it beforehand.
A boolean Negate field has been added to that library, allowing the result of a rule to be inverted, which provides further versatility.
Rules are then defined and stored in the appsettings.json file using the ASP.NET Core [Configuration](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-5.0#bind-hierarchical-configuration-data-using-the-options-pattern) options pattern.
An instance of the WebRequest class is created for each request; it exposes fields such as URL, IP address and user agent for the rules engine to interact with.
Below is an example of the different rules that can be defined. In addition, rules may be nested for more complex logic.
```JSON
"Configuration": {
  "Ruleset": {
    "Operator": "OrElse",
    "Rules": [
      {
        "MemberName": "Path",
        "Operator": "EndsWith",
        "Inputs": [ ".php" ]
      },
      {
        "MemberName": "UserAgent",
        "Operator": "IsMatch",
        "TargetValue": "^(curl|java|python)"
      },
      {
        "Operator": "InSubnet",
        "Inputs": [ "192.168.10.0", 24 ],
        "Negate": true
      },
      {
        "Operator": "IpInFile",
        "Inputs": [ "C:\\Temp\\blocklist.txt" ]
      }
    ]
  }
}
```
When a web request is received, it is evaluated against the rules; if any of the above match, the request is rejected with a 403 Forbidden [status code](https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_client_errors).
## GeoLite2
MaxMind provides free [Geolocation data](https://dev.maxmind.com/geoip/geoip2/geolite2/). Register and download the GeoLite2 database and specify the file location in the settings file.
```JSON
"Configuration": {
  "GeoLiteFile": "C:\\MaxMind\\GeoLite2-Country.mmdb"
}
```
You will then be able to look up the geographic location of any IP address, which allows you to block requests by country if required.
```JSON
{
  "MemberName": "IpCountry",
  "Operator": "IsInInput",
  "Inputs": [ "CN", "RU" ]
}
```
## Conclusion
This is a very simple implementation of a WAF, but as you can see it can be expanded upon very easily. Contributions to this project are welcome.
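To make the rule semantics from the Setup and GeoLite2 sections concrete, here is an added Python evaluator that walks a ruleset of the shape shown above and reports which rules fire. It is an illustration written for this page, not the project's code: the project is C# and compiles its rules with Micro Rule Engine. It assumes that the IP-only operators (InSubnet, IpInFile) apply to the client address when no MemberName is given, that Negate may also sit on a nested group, and that the WebRequest field for the client address is called IpAddress; the blocklist file and the GeoLite2 database are replaced by constructed in-memory tables so it runs offline.

```python
"""Toy evaluator for Kestrel WAF style rulesets (added example, not project code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Set

# Constructed stand-ins: the project reads the blocklist from disk and resolves
# IpCountry through the GeoLite2 database; here both are in-memory tables.
BLOCKLIST_FILES: Dict[str, Set[str]] = {"C:\\Temp\\blocklist.txt": {"203.0.113.7"}}
COUNTRY_DB: Dict[str, str] = {"198.51.100.0/24": "CN", "192.0.2.0/24": "US"}

# The README's ruleset, with the IpCountry rule from the GeoLite2 section added.
RULESET: Dict[str, Any] = {
    "Operator": "OrElse",
    "Rules": [
        {"MemberName": "Path", "Operator": "EndsWith", "Inputs": [".php"]},
        {"MemberName": "UserAgent", "Operator": "IsMatch",
         "TargetValue": "^(curl|java|python)"},
        {"Operator": "InSubnet", "Inputs": ["192.168.10.0", 24], "Negate": True},
        {"Operator": "IpInFile", "Inputs": ["C:\\Temp\\blocklist.txt"]},
        {"MemberName": "IpCountry", "Operator": "IsInInput", "Inputs": ["CN", "RU"]},
    ],
}


@dataclass
class WebRequest:
    """Constructed stand-in for the per-request object the rules inspect.
    Field names mirror the README's MemberName values; IpAddress is assumed."""
    Path: str
    UserAgent: str
    IpAddress: str

    @property
    def IpCountry(self) -> Optional[str]:
        """Country code of the client address, from the constructed table."""
        ip = ipaddress.ip_address(self.IpAddress)
        for cidr, country in COUNTRY_DB.items():
            if ip in ipaddress.ip_network(cidr):
                return country
        return None


def _eval_leaf(rule: Dict[str, Any], req: WebRequest) -> bool:
    """Evaluate one operator against the request member it names (default: IpAddress)."""
    op = rule["Operator"]
    inputs = rule.get("Inputs", [])
    value = getattr(req, rule.get("MemberName", "IpAddress"))
    if op == "EndsWith":
        return value.endswith(inputs[0])
    if op == "IsMatch":  # .NET Regex.IsMatch semantics: an unanchored search
        return re.search(rule["TargetValue"], value) is not None
    if op == "IsInInput":
        return value in inputs
    if op == "InSubnet":  # Inputs are [network address, prefix length]
        net = ipaddress.ip_network(f"{inputs[0]}/{inputs[1]}", strict=False)
        return ipaddress.ip_address(value) in net
    if op == "IpInFile":
        return value in BLOCKLIST_FILES.get(inputs[0], set())
    raise ValueError(f"unsupported operator: {op}")


def evaluate(rule: Dict[str, Any], req: WebRequest) -> bool:
    """Evaluate a leaf rule or a nested group; Negate inverts the result either way."""
    if "Rules" in rule:
        children = [evaluate(r, req) for r in rule["Rules"]]
        if rule["Operator"] == "OrElse":
            result = any(children)
        elif rule["Operator"] == "AndAlso":
            result = all(children)
        else:
            raise ValueError(f"unsupported group operator: {rule['Operator']}")
    else:
        result = _eval_leaf(rule, req)
    return not result if rule.get("Negate", False) else result


def describe(rule: Dict[str, Any]) -> str:
    """Short label for a rule, e.g. 'Path.EndsWith' or 'Negate(InSubnet)'."""
    name = rule["Operator"]
    if "MemberName" in rule:
        name = f"{rule['MemberName']}.{name}"
    return f"Negate({name})" if rule.get("Negate", False) else name


def matching_rules(ruleset: Dict[str, Any], req: WebRequest) -> List[str]:
    """Top-level rules that fire for a request: what belongs in the reject log."""
    return [describe(r) for r in ruleset["Rules"] if evaluate(r, req)]


def is_blocked(ruleset: Dict[str, Any], req: WebRequest) -> bool:
    """True when the middleware would answer 403 instead of forwarding the request."""
    return evaluate(ruleset, req)


if __name__ == "__main__":
    for req in (WebRequest("/index.html", "Mozilla/5.0", "192.168.10.5"),
                WebRequest("/admin.php", "Mozilla/5.0", "192.168.10.5"),
                WebRequest("/index.html", "curl/8.4.0", "192.168.10.5"),
                WebRequest("/index.html", "Mozilla/5.0", "198.51.100.9")):
        print(req.IpAddress, req.Path, is_blocked(RULESET, req), matching_rules(RULESET, req))
```

Running it shows one property of the README's sample ruleset worth noticing before copying it: under OrElse, the negated InSubnet rule fires for every client outside 192.168.10.0/24, so the ruleset as written admits only that LAN and the other rules only ever add reasons. Logging the output of matching_rules alongside the 403 is the cheapest way to see which rule rejected a request while tuning.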
## Credits
- [YARP: A Reverse Proxy](https://github.com/microsoft/reverse-proxy)
- [Micro Rule Engine](https://github.com/runxc1/MicroRuleEngine)
- [MaxMind DB Reader](https://github.com/maxmind/MaxMind-DB-Reader-dotnet)