express-waf

A small web application firewall for the NodeJS Express framework.

Installation

npm install --save express-waf

Usage

The constructor expects the configuration for the blocker and optional settings as parameters. Blocker configuration includes:

  • blockTime: The blacklist timeout, i.e. the time after which entries are removed from the blacklist.
  • db: The database used for the blacklist. The folder "/database" contains predefined database connectors. If the connector you need is not there, you can define your own; it must define an add, a remove and a contains function.

var ExpressWaf = require('express-waf');

var emudb = new ExpressWaf.EmulatedDB();
var waf = new ExpressWaf.ExpressWaf({
    blocker:{
        db: emudb,
        blockTime: 1000
    },
    log: true
});
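
As an added illustration of the custom connector mentioned for the db option (not code from the express-waf project), here is an in-memory connector exposing add, remove and contains. The `(host, callback)` signatures with Node-style `callback(err, result)`, the name `MemoryBlacklistDB`, the `normalizeHost` helper and the `maxEntries` cap are all assumptions; check the connectors in "/database" for the signatures the blocker really calls.

```javascript
// Added example, not part of express-waf. Assumed connector contract:
// add(host, cb), remove(host, cb), contains(host, cb), with cb(err, result).

// Collapse IPv4-mapped IPv6 ("::ffff:10.0.0.1") to plain IPv4 so that one
// client cannot end up with two different blacklist keys.
function normalizeHost(host) {
    var h = String(host).trim().toLowerCase();
    var mapped = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(h);
    return mapped ? mapped[1] : h;
}

function MemoryBlacklistDB(maxEntries) {
    // Hypothetical cap: bounds memory when many distinct hosts get listed.
    this.maxEntries = maxEntries || 10000;
    this.entries = new Map(); // host -> time the entry was added (ms)
}

MemoryBlacklistDB.prototype.add = function (host, cb) {
    var key = normalizeHost(host);
    this.entries.delete(key); // re-adding a host moves it to the newest slot
    if (this.entries.size >= this.maxEntries) {
        // Map iterates in insertion order, so the first key is the oldest.
        // Trade-off: the oldest block is dropped early once the cap is hit.
        this.entries.delete(this.entries.keys().next().value);
    }
    this.entries.set(key, Date.now());
    if (cb) cb(null);
};

MemoryBlacklistDB.prototype.remove = function (host, cb) {
    var removed = this.entries.delete(normalizeHost(host));
    if (cb) cb(null, removed);
    return removed;
};

MemoryBlacklistDB.prototype.contains = function (host, cb) {
    var found = this.entries.has(normalizeHost(host));
    if (cb) cb(null, found); // called synchronously: the store is in memory
    return found;
};

// Intended wiring, mirroring the configuration above:
//   blocker: { db: new MemoryBlacklistDB(), blockTime: 1000 }
```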

After that you can add additional modules to the firewall. Without these modules the firewall won't block any attacks. The basic functionality only includes a blacklist for evil hosts and a logging mechanism for attacks.

Additional modules can be found in the folder "/modules". These include, for example, a module against SQL injection attacks and a module against CSRF attacks.

For example, this is how to add the CSRF module:

waf.addModule('csrf-module', {
    allowedMethods:['GET', 'POST'],
    refererIndependentUrls: ['/'],
    allowedOrigins: ['www.example.com']
}, function (error) {
    console.log(error);
});

Don't forget to finally add the check method of express-waf as middleware:

app.use(waf.check);

If you forget this step, your firewall won't do anything! That's it: your firewall is now configured for use with your Node.js/Express application.

List of Modules

Code-Quality

All modules can be tested by using the jasmine-node testing framework:

jasmine-node spec/

Code coverage can be calculated with istanbul:

istanbul cover jasmine-node spec/


Contributors

henning96