WAF: free web application firewall hosted on digitalocean, would you like it?

December 5, 2015 9k views
Security Node.js Nginx

Hi!

Last year I’ve started to develop a WAF (web application firewall) based on Nginx (openresty) + ModSecurity and Nodejs. Now the WAF is stable and it works like a charm :)

I would like to create a new branch of this project (waf.blue) and create a FREE service waf-in-cloud for small websites / blogs / etc … (not enterprise) called waf.red and hosted on digitalocean. The free WAF will include all ModSecurity rules + Custom Rules + Shared Reputation DB + 2 months of reports and logs + real time dashboard.

Someone would be interested in using this kind of service? I’ve created a repository on github to collect opinions and show screenshots and video of the WAF.

https://github.com/theMiddleBlue/waf.red

hope this can be useful,
thanks!

-theMiddle

4 comments
  • It looks nice, have you considered making it open source? I was going to look at waf.blue but your website doesn’t really have any useful links, the Join Us link is broken so I couldn’t do anything with it.

    It looks nice to use but it would only fit into my servers if it could be a self hosted application, which it doesn’t sound like it is from your description. I know it could be useful for some people though.

  • Hi @jonaharagon thanks for your comment. you’re right, waf.blue is a “brochure” website only, and it doesn’t have so much info. I’m working hard to the “waf.red” website, it will include a registration process where you’ll be able to configure you WAF and use it.

    the idea is that you have to change your DNS website to a CNAME something like:

    www.example.com.     CNAME node1.waf.red.
    

    so node1.waf.red will receive all http requests and forward (as a reverse proxy) it to www.example.com and block attacks without forward it.

    i think is hard to make a WAF opensource, cos for doing that i need to publish the whole system image! I think could be more useful as a service.

    i’ll update this question when waf.red website is done. thank you!

    -theMiddle

  • It looks really smooth, and I think from experience alot of new DO users would appreciate something like this. If its easy to setup for them and there is a good docu, it could become popular in my opinion. You should make your project here once its done, would be great.

  • Hi @CrypticDesigns thanks for your comment! I’m a little bit worried about the change DNS by end users. I don’t know if this should be easy to do by all users, i don’t know if all users know what is a CNAME :) But probably who need a WAF is not a “simple” end user :)

5 Answers

Hi guys!

I’m working to the registration process on waf.red website, i think i’ll complete it soon :)

I’ve just configured a “demo user” for make you try the WAF Web GUI. I would love to know your opinions about it :) It is not a “production state” for now, it is a “pre-alfa”. You need to login to:

https://node1.waf.red/

Console: https://node1.waf.red/
Username: demo@waf.red
Password: demo
Demo Website: http://scream48.com

The WAF protect a demo website (scream48.com) that you can use it for generate events on the demo account. For example, you’ll see a request by you IP Address if you do:
curl -v "http://scream48.com"

thank you!
others news coming soon :)

-theMiddle

Hi!

i’ve completed the sign up process :) Now is possible to start to use the WAF and create configurations.

https://waf.red/signup

Comments or Suggestions are really appreciated :)

-theMiddle

Did you try Wallarm? It’s built on top of NGINX with automatic learning from the traffic and vulnerability scanner built-in

Did this come along? I can’t view the node1.waf.red website. Would love to have a WAF service.

Sorry to rejuvenate this thread, but waf.red is way too intrusive with its CNAME requirement, and Bugshield.io is gone. Wallarm looks nice, but the Nginx install gives an error. I followed the instructions on their website, and while executing yum install wallarm-node-nginx nginx-module-wallarm, I get this error:

Error: Package: ruby-proton-2.12.0-1.x86_64 (wallarm-node)
           Requires: libproton212 = 2.12.0-1
Error: ruby-proton conflicts with nginx-module-wallarm-2.10.7-1.el7.x86_64
Error: Package: ruby-proton-2.12.0-1.x86_64 (wallarm-node)
           Requires: libproton.so.2.12()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

This is on CentOS 7.x. Any ideas?

Have another answer? Share your knowledge.