Share
## https://sploitus.com/exploit?id=2F04D361-C9D1-5C89-ABE4-5D4E0E058B12
# Adaptive Web Application Firewall (WAF) - v1 Rule-Based
A hobby project: A Web Application Firewall built with FastAPI and Python to detect and block common web attacks like XSS, SQL injection, path traversal, and more. This is a learning project for exploring cybersecurity concepts and Python web development.
**Note:** This is currently a rule-based WAF implementation (v1).
Future versions will include adaptive/machine learning capabilities for dynamic threat detection.
## ๐ก๏ธ Features
### Security Protections
- **XSS Detection**: Blocks cross-site scripting attacks
- **SQL Injection Prevention**: Detects and blocks SQL injection attempts
- **Path Traversal Protection**: Prevents directory traversal attacks
- **Command Injection Defense**: Blocks command execution attempts
- **Header Injection Prevention**: Validates HTTP headers
- **Buffer Overflow Protection**: Prevents DoS via large payloads
- **Encoding Attack Detection**: Identifies obfuscated malicious content
- **Keyword Filtering**: Blocks suspicious parameter names
### Advanced Features
- **Circuit Breaker Pattern**: Protects backend services from cascade failures
- **SYN Flood Protection**: Rate limiting and connection monitoring
- **Honeypot Data Collection**: Logs detailed attack information
- **CAPTCHA Integration**: Challenge-response for suspicious traffic
- **Compression Support**: Gzip compression for responses
- **Security Headers**: Automatic security header injection
- **Input Validation**: Comprehensive request validation
### Logging & Monitoring
- **Structured JSON Logging**: Complete audit trails
- **Honeypot Logs**: Detailed attack forensics
- **Real-time Monitoring**: Request/response tracking
- **Configurable Log Levels**: Debug to production modes
## ๐ Quick Start
### Prerequisites
- Python 3.8+
- pip package manager
### Installation
1. **Clone the repository:**
```bash
git clone https://github.com/yourusername/adaptivewaf.git
cd adaptivewaf
```
2. **Install dependencies:**
```bash
pip install -r requirements.txt
```
3. **Configure the firewall:**
```bash
cp config.conf.example config.conf
# Edit config.conf with your settings
```
4. **Generate SSL certificates (optional):**
```bash
./generate_ssl_certs.sh
```
5. **Start the WAF:**
```bash
python main.py
```
The WAF will start on `http://localhost:8080` (and `https://localhost:8443` if SSL enabled).
## ๐ Configuration
Edit `config.conf` to customize:
### Backend Configuration
```ini
[proxy]
backend_url = http://your-backend-server:port/
host = 0.0.0.0
http_enabled = true
https_enabled = true
```
### Security Settings
```ini
[waf]
enabled = true
block_xss = true
block_sql_injection = true
block_path_traversal = true
# ... many more options
```
### Rate Limiting
```ini
[syn_protection]
enabled = true
max_connections_per_ip = 100
time_window = 60
block_duration = 300
```
## ๐ง API Endpoints
- `GET/POST/PUT/DELETE/PATCH/OPTIONS/HEAD /*` - Proxied requests to backend
- `GET /__captcha_verify` - CAPTCHA verification endpoint
## ๐งช Testing
### Penetration Testing
The WAF has been tested agai
---nst common attack vectors:
```bash
# XSS Attack
curl "http://localhost:8080/?search=alert('xss')"
# SQL Injection
curl "http://localhost:8080/?id=1%20UNION%20SELECT%20username,password%20FROM%20users"
# Path Traversal
curl "http://localhost:8080/../../../etc/passwd"
# Command Injection
curl "http://localhost:8080/?cmd=whoami;id"
```
All attacks are properly blocked with detailed logging.
### Unit Testing
```bash
python -m pytest tests/
```
## ๐ Monitoring
### Log Files
- `logs/waf.log` - Main application logs
- `logs/honeypot.log` - Detailed attack forensics
### Log Format
Security violations are logged in structured JSON:
```json
{
"timestamp": "2025-11-09T16:21:39.729428+00:00",
"level": "ERROR",
"source_ip": "127.0.0.1",
"http_method": "GET",
"request_path": "?search=alert('xss')",
"user_agent": "curl/8.16.0",
"message": "Security policy violation: Potential XSS attack blocked",
"waf_details": {
"rule_triggered": "XSS_Pattern_Search_Query",
"param_name": "search",
"param_value": "alert('xss')"
},
"headers": {...},
"body": null
}
```
## ๐๏ธ Architecture
```
Adaptive WAF
โโโ main.py # Main application
โโโ module/ # Security modules
โ โโโ rule_engine.py # Pattern matching
โ โโโ keyword_detection.py# Suspicious keywords
โ โโโ encoding_detection.py# Encoding attacks
โ โโโ path_traversal_detection.py
โ โโโ overflow_detection.py
โ โโโ circuit_breaker.py # Resilience
โ โโโ captcha_challenge.py# CAPTCHA system
โ โโโ ...
โโโ templates/ # HTML templates
โโโ certs/ # SSL certificates
โโโ logs/ # Log files
โโโ config.conf # Configuration
โโโ requirements.txt # Dependencies
```
## ๐ Security Features
### Detection Methods
1. **Pattern Matching**: Regex-based attack detection
2. **Keyword Analysis**: Suspicious parameter detection
3. **Encoding Validation**: Obfuscated attack prevention
4. **Length Limits**: Buffer overflow prevention
5. **Header Validation**: Injection attack prevention
6. **URL Similarity**: Known attack pattern matching
### Resilience Features
- **Circuit Breaker**: Backend failure protection
- **Rate Limiting**: SYN flood prevention
- **Fallback Responses**: Graceful error handling
- **Timeout Management**: Request timeout controls
## ๐ค Contributing
1. Fork the repository
2. Create a feature branch
3. Add tests for new features
4. Ensure all tests pass
5. Submit a pull request
## ๐ License
MIT License - see LICENSE file for details.
## โ ๏ธ Disclaimer
This WAF provides security protections but should be part of a comprehensive security strategy. Regular updates and monitoring are essential for maintaining security effectiveness.
**Built with โค๏ธ for web application security**