Mankurj05/web-app-firewall

Simple Python WAF (Web Application Firewall)

📌 Overview

This project is a Simple Web Application Firewall (WAF) built using Python + Flask.
It detects and blocks common web attacks such as:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Brute force login attempts
  • Suspicious payloads in HTTP requests

It also logs every detected attack into logs/attacks.log.


🚀 Features

🔍 Attack Detection

The WAF can detect:

  • SQL Injection patterns (UNION SELECT, OR 1=1, sleep(, SQL comments)
  • XSS payloads (<script>, javascript:, onerror)
  • Excessive login attempts (brute force)

🛑 Blocking

Suspicious requests are blocked with:

  • 403 Forbidden for SQLi/XSS
  • 429 Too Many Requests for brute force

📝 Logging

All attacks are logged with:

  • Timestamp
  • IP Address
  • Attack Type
  • Payload

The logs are stored in:

logs/attacks.log

📁 Project Structure

simple_waf/
│
├── app.py              # Main Flask Application
├── middleware.py       # WAF Middleware (hooks into incoming requests)
├── waf.py              # Detection logic and logging
├── logs/
│     └── attacks.log   # Attack logs
└── requirements.txt    # Dependencies

⚙️ Installation & Setup

1️⃣ Install Dependencies

pip install flask

2️⃣ Run the Application

python app.py

Flask will start on:

http://127.0.0.1:5000

🧪 Testing the WAF

✔ Test SQL Injection

http://127.0.0.1:5000/?q=1 OR 1=1

Expected:

  • Response: 403 Forbidden
  • Logged in logs/attacks.log


✔ Test XSS

http://127.0.0.1:5000/?test=<script>alert(1)</script>

Expected:

  • Blocked
  • Logged

✔ Test Brute Force

Run:

for i in {1..7}; do curl -X POST http://127.0.0.1:5000/login; done

Expected:

  • First 5 requests allowed
  • After limit → 429 Too Many Requests

📚 How It Works (Architecture)

  1. Every incoming request passes through middleware.py
  2. Middleware extracts:
    • Query parameters
    • Form data
    • Client IP address
  3. WAF detection rules in waf.py inspect the payload
  4. If malicious → logged + blocked
  5. If clean → forwarded to the main application
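The detection, blocking and logging steps above, and the rule list from the Attack Detection section, as one added example. This is not the repository's own waf.py or middleware.py; it is a framework-independent version so it can run without Flask. The names SimpleWAF, BruteForceTracker and inspect_payload, the 60-second brute-force window, and the log line layout are assumptions of this example. Values are URL-decoded once before matching, the payload is written to the log with repr() so a newline in a request cannot forge extra log lines, and the counter only applies to POST requests on the login path.

```python
import re
import time
from collections import defaultdict, deque
from datetime import datetime, timezone
from pathlib import Path
from urllib.parse import unquote_plus

# Detection rules: (attack type, compiled regex). The patterns follow the README's list
# (UNION SELECT, OR 1=1, sleep(, SQL comments; <script>, javascript:, onerror).
RULES = [
    ("SQL Injection", re.compile(r"union\s+select", re.I)),
    ("SQL Injection", re.compile(r"\bor\s+\d+\s*=\s*\d+", re.I)),
    ("SQL Injection", re.compile(r"sleep\s*\(", re.I)),
    ("SQL Injection", re.compile(r"(--|/\*)")),
    ("XSS", re.compile(r"<\s*script", re.I)),
    ("XSS", re.compile(r"javascript\s*:", re.I)),
    ("XSS", re.compile(r"\bonerror\s*=", re.I)),
]


def inspect_payload(values):
    """Return (attack_type, offending_value) for the first value that matches a rule, else None."""
    for value in values:
        decoded = unquote_plus(str(value))  # match on the decoded form so %3Cscript%3E is caught
        for attack_type, pattern in RULES:
            if pattern.search(decoded):
                return attack_type, value
    return None


class BruteForceTracker:
    """Sliding-window counter of login attempts per client IP (assumed design)."""

    def __init__(self, limit=5, window_seconds=60):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(deque)

    def register(self, ip, now=None):
        """Record one attempt; return True once the IP exceeds `limit` attempts in the window."""
        now = time.monotonic() if now is None else now
        hits = self._hits[ip]
        while hits and now - hits[0] > self.window:
            hits.popleft()
        hits.append(now)
        return len(hits) > self.limit


def format_log_line(ip, attack_type, payload, when=None):
    """Timestamp | IP | attack type | payload, with the payload escaped via repr()."""
    when = when or datetime.now(timezone.utc)
    return f"{when.isoformat()} | {ip} | {attack_type} | {payload!r}"


class SimpleWAF:
    def __init__(self, log_path=None, login_path="/login"):
        self.tracker = BruteForceTracker()
        self.log_path = log_path          # e.g. "logs/attacks.log"; None keeps logs in memory only
        self.login_path = login_path
        self.log_lines = []               # in-memory copy of everything logged

    def _log(self, ip, attack_type, payload):
        line = format_log_line(ip, attack_type, payload)
        self.log_lines.append(line)
        if self.log_path:
            Path(self.log_path).parent.mkdir(parents=True, exist_ok=True)
            with open(self.log_path, "a", encoding="utf-8") as fh:
                fh.write(line + "\n")

    def check(self, ip, path, method, params):
        """Return (status, reason): 200 to forward, 403 for SQLi/XSS, 429 for brute force."""
        hit = inspect_payload(params.values())
        if hit:
            attack_type, payload = hit
            self._log(ip, attack_type, payload)
            return 403, attack_type
        if method == "POST" and path == self.login_path and self.tracker.register(ip):
            self._log(ip, "Brute Force", f"{method} {path}")
            return 429, "Brute Force"
        return 200, "clean"


if __name__ == "__main__":
    # Constructed sample requests mirroring the README's test section.
    waf = SimpleWAF()
    print(waf.check("127.0.0.1", "/", "GET", {"q": "1 OR 1=1"}))
    print(waf.check("127.0.0.1", "/", "GET", {"test": "<script>alert(1)</script>"}))
    for _ in range(6):
        print(waf.check("127.0.0.1", "/login", "POST", {}))
    print("\n".join(waf.log_lines))
```

To hook this into Flask, register a `before_request` handler that calls `waf.check(request.remote_addr, request.path, request.method, {**request.args, **request.form})` and returns `abort(status)` whenever the status is not 200; behind a reverse proxy use the proxy-supplied client address rather than `remote_addr`, otherwise every client shares one brute-force counter.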

💡 Future Improvements (Optional)

You can extend this WAF:

  • Add rate limiting per endpoint
  • Add IP blacklisting
  • Add Admin dashboard for viewing logs
  • Add protection against Path Traversal
  • Add protection against Command Injection
  • Add JSON API Security rules
  • Dockerize the application
  • Integrate with CI/CD security scanning

🏁 Conclusion

This project helps you learn:

  ✔ Web AppSec fundamentals
  ✔ How WAFs work internally
  ✔ Attack detection logic
  ✔ Secure coding practices
  ✔ Logging & monitoring

Perfect for:

  • Cybersecurity portfolio
  • AppSec learning
  • College/University projects
  • Resume enhancement

👍 Author

Created as part of a Web Application Security learning project.
