A basic WAF for the Kestrel web server.
A web application firewall is software that monitors and blocks HTTP traffic to a web service.
Using Microsoft's YARP reverse proxy allows this project to both filter traffic and forward it to another server.
This project is an attempt to implement a rules-based WAF using ASP.NET Core middleware.
A business rules engine is software that executes one or more business rules in a configurable runtime environment.
This gives the end user the flexibility to define rules that control inbound web traffic with little or no programming experience.
This project uses the Micro Rule Engine, which is based on expression trees.
That project's README covers the different kinds of expressions that can be used, so I'd encourage you to read it first.
A boolean Negate field has been added to that library, allowing the result of a rule to be inverted, which adds further versatility.
Rules are then defined and stored in the appsettings.json file using the ASP.NET Core Configuration options pattern.
An instance of the WebRequest class is created for each request; it exposes fields such as the URL, IP address and user agent for the rules engine to evaluate.
Below is an example of the different rules that can be defined. Rules may also be nested for more complex logic.
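The middleware pipeline described above, written out as an added example that is not the project's own code. It builds a per-request model from the HttpContext, hands it to a compiled predicate and short-circuits with 403 when the predicate matches; the names WebRequest, WafMiddleware and the Func<WebRequest, bool> delegate are assumptions, and compiling that delegate from the "Configuration:Ruleset" section with the Micro Rule Engine is left to the engine.

```csharp
// Added example, not the project's code. Names are assumptions (see lead-in).
using System;
using System.Net;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

// Fields exposed to the rules engine; member names follow the README's rule examples.
public sealed class WebRequest
{
    public string Path { get; init; } = "/";
    public string Method { get; init; } = "";
    public string UserAgent { get; init; } = "";
    public IPAddress RemoteIp { get; init; } = IPAddress.None;
    public string IpCountry { get; init; } = "";
}

public sealed class WafMiddleware
{
    private readonly RequestDelegate _next;
    private readonly Func<WebRequest, bool> _isBlocked;

    // The predicate is compiled once at startup and reused; compiling expression
    // trees per request would be far too slow for a hot path like this.
    public WafMiddleware(RequestDelegate next, Func<WebRequest, bool> isBlocked)
    {
        _next = next;
        _isBlocked = isBlocked;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        var request = new WebRequest
        {
            Path = context.Request.Path.Value ?? "/",
            Method = context.Request.Method,
            UserAgent = context.Request.Headers["User-Agent"].ToString(),
            RemoteIp = context.Connection.RemoteIpAddress ?? IPAddress.None,
        };

        if (_isBlocked(request))
        {
            // Reject before the request reaches YARP or any endpoint; no body is
            // written so the response reveals nothing about which rule fired.
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            return;
        }

        await _next(context);
    }
}

public static class WafMiddlewareExtensions
{
    // Register ahead of the reverse proxy: app.UseWaf(compiledRule); app.MapReverseProxy();
    public static IApplicationBuilder UseWaf(this IApplicationBuilder app, Func<WebRequest, bool> isBlocked)
        => app.UseMiddleware<WafMiddleware>(isBlocked);
}
```

Two caveats worth checking in a deployment: if the WAF itself sits behind another proxy or load balancer, add UseForwardedHeaders before UseWaf, otherwise RemoteIpAddress is the upstream proxy and every IP-based rule evaluates against that one address; and bind the ruleset once (for example from builder.Configuration.GetSection("Configuration:Ruleset")) rather than reading configuration inside InvokeAsync.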
"Configuration": {
  "Ruleset": {
    "Operator": "OrElse",
    "Rules": [
      {
        "MemberName": "Path",
        "Operator": "EndsWith",
        "Inputs": [ ".php" ]
      },
      {
        "MemberName": "UserAgent",
        "Operator": "IsMatch",
        "TargetValue": "^(curl|java|python)"
      },
      {
        "Operator": "InSubnet",
        "Inputs": [ "192.168.10.0", 24 ],
        "Negate": true
      },
      {
        "Operator": "IpInFile",
        "Inputs": [ "C:\\Temp\\blocklist.txt" ]
      }
    ]
  }
}
When a web request is received it is evaluated against the rules; if any of the above match, the request is rejected with a 403 Forbidden status code.
MaxMind provides free geolocation data. Register, download the GeoLite2 database and specify the file location in the settings file.
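How the three custom checks in the ruleset above (InSubnet, IpInFile and the Negate flag) can be implemented, followed by the same OrElse ruleset written out by hand so the "any match blocks" semantics are visible. This is an added example, not the project's code; the class and method names are assumptions, and the blocklist format (one address per line, '#' comments) is assumed as well.

```csharp
// Added example, not the project's code. Names and file format are assumptions.
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;

public static class IpRules
{
    // Kestrel frequently reports IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d).
    // Normalising first keeps byte comparisons and HashSet lookups consistent.
    public static IPAddress Normalize(IPAddress address)
        => address.IsIPv4MappedToIPv6 ? address.MapToIPv4() : address;

    // "InSubnet": true when address lies inside network/prefixLength (IPv4 or IPv6).
    public static bool InSubnet(IPAddress address, IPAddress network, int prefixLength)
    {
        address = Normalize(address);
        network = Normalize(network);
        if (address.AddressFamily != network.AddressFamily) return false;

        byte[] a = address.GetAddressBytes();
        byte[] n = network.GetAddressBytes();
        if (prefixLength < 0 || prefixLength > a.Length * 8)
            throw new ArgumentOutOfRangeException(nameof(prefixLength));

        int fullBytes = prefixLength / 8;
        for (int i = 0; i < fullBytes; i++)
            if (a[i] != n[i]) return false;

        int remainingBits = prefixLength % 8;
        if (remainingBits == 0) return true;
        int mask = (0xFF << (8 - remainingBits)) & 0xFF;
        return (a[fullBytes] & mask) == (n[fullBytes] & mask);
    }

    // "IpInFile": parse the blocklist once at startup into a HashSet; re-reading
    // the file on every request would turn the WAF into its own bottleneck.
    public static HashSet<IPAddress> LoadIpFile(string path)
    {
        var set = new HashSet<IPAddress>();
        foreach (string raw in File.ReadLines(path))
        {
            string line = raw.Split('#')[0].Trim();
            if (line.Length > 0 && IPAddress.TryParse(line, out IPAddress? ip))
                set.Add(Normalize(ip));
        }
        return set;
    }

    public static bool IpInFile(IPAddress address, HashSet<IPAddress> blocklist)
        => blocklist.Contains(Normalize(address));

    // "Negate": invert a single rule's result.
    public static bool Apply(bool result, bool negate) => negate ? !result : result;
}

// The README's ruleset with OrElse semantics: the first matching rule blocks.
public static class ExampleRuleset
{
    private static readonly Regex ToolAgent = new("^(curl|java|python)", RegexOptions.Compiled);
    private static readonly IPAddress Lan = IPAddress.Parse("192.168.10.0");

    public static bool ShouldBlock(string path, string userAgent, IPAddress clientIp, HashSet<IPAddress> blocklist)
    {
        bool phpPath = path.EndsWith(".php", StringComparison.OrdinalIgnoreCase);
        bool toolAgent = ToolAgent.IsMatch(userAgent);
        // Negate turns the subnet rule into an allowlist: anything outside the LAN is blocked.
        bool outsideLan = IpRules.Apply(IpRules.InSubnet(clientIp, Lan, 24), negate: true);
        bool listed = IpRules.IpInFile(clientIp, blocklist);
        return phpPath || toolAgent || outsideLan || listed;
    }
}
```

With this ruleset a request from 192.168.10.5 for /index.html with a browser user agent passes, while the same request from 10.0.0.5 is rejected by the negated InSubnet rule alone, which is exactly what the "Negate": true entry above is for.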
"Configuration": {
  "GeoLiteFile": "C:\\MaxMind\\GeoLite2-Country.mmdb"
}
You will then be able to look up the geographic location of any IP address, which allows you to block requests by country if required.
{
  "MemberName": "IpCountry",
  "Operator": "IsInInput",
  "Inputs": [ "CN", "RU" ]
}
This is a very simple implementation of a WAF, but as you can see it can be expanded upon very easily. Any contributions to this project would be welcomed.
YARP: A Reverse Proxy https://github.com/microsoft/reverse-proxy
Micro Rule Engine https://github.com/runxc1/MicroRuleEngine
MaxMind DB Reader https://github.com/maxmind/MaxMind-DB-Reader-dotnet