{"id":4286,"date":"2016-10-04T07:09:09","date_gmt":"2016-10-04T01:39:09","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=4286"},"modified":"2016-10-04T07:09:09","modified_gmt":"2016-10-04T01:39:09","slug":"raptor-waf-c-based-web-application-firewall","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/raptor-waf-c-based-web-application-firewall\/","title":{"rendered":"Raptor WAF \u2013 C Based Web Application Firewall"},"content":{"rendered":"<div>\n<section>\n<p>Raptor WAF is a Web Application Firewall made in C, using DFA to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal.<\/p>\n<p><img decoding=\"async\" alt=\"Raptor WAF - C Based Web Application Firewall\" class=\"wp-image-4300\" src=\"https:\/\/ift.tt\/2dEw4tT\"><\/p>\n<p>DFA stands for Deterministic Finite Automaton, also known as a Deterministic Finite State Machine.<\/p>\n<p>It\u2019s essentially a simple web application firewall made in C following the KISS principle. It polls connections using the select() function, which is not better than epoll() or kqueue() from *BSD, but it is portable.<\/p>\n<h3>Features<\/h3>\n<p>WAF stands for Web Application Firewall. 
It is widely used nowadays to detect and defend against attacks, most commonly SQL Injection and XSS.<\/p>\n<ul>\n<li>Block XSS, SQL Injection attacks and path traversal<\/li>\n<li>Blacklist IPs to block users using config\/blacklist ip.txt<\/li>\n<li>Supports IPv6 and IPv4 for communication<\/li>\n<\/ul>\n<h4>Coming in the Future<\/h4>\n<ul>\n<li>DoS protection<\/li>\n<li>Request limits<\/li>\n<li>Rule interpreter<\/li>\n<li>Malware detection for uploads<\/li>\n<li>SSL\/TLS Support<\/li>\n<\/ul>\n<p>Do bear in mind this is an early-stage, almost PoC tool and not really production tested or ready. I think it\u2019d be a great project to contribute to, and most people don\u2019t need a super complex WAF \u2013 just something REALLY reliable, stable and performant that blocks 80-90% of the common attacks.<\/p>\n<p>Other options for a WAF:<\/p>\n<p>\u2013 <a href=\"https:\/\/ift.tt\/1RdKWJh\">NAXSI \u2013 Open-Source WAF For Nginx<\/a><br \/>\n\u2013 <a href=\"https:\/\/ift.tt\/1QZGNak\">Amazon AWS Web Application Firewall (WAF) Launched<\/a><br \/>\n\u2013 <a href=\"https:\/\/ift.tt\/1NuPRky\">ModSecurity \u2013 Open Source Web Application Firewall<\/a><\/p>\n<p>You can download Raptor WAF here:<\/p>\n<p><a href=\"https:\/\/ift.tt\/2cO1SWS\">raptor_waf-0.2.zip<\/a><\/p>\n<p>Or read more <a href=\"https:\/\/ift.tt\/1Sop3tR\">here<\/a>.<\/p>\n<\/section>\n<\/div>\n<p>via https:\/\/ift.tt\/2cNozQ4<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Raptor WAF is a Web Application Firewall made in C, using DFA to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal. DFA stands for Deterministic Finite Automaton also known as a Deterministic Finite State Machine. 
It\u2019s essentially a simple web application firewall made in C, using the KISS principle, making polls using the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/qadit.com\/blog\/raptor-waf-c-based-web-application-firewall\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Raptor WAF \u2013 C Based Web Application Firewall&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[],"class_list":["post-4286","post","type-post","status-publish","format-standard","hentry","category-itsec"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-178","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=4286"}],"version-history":[{"count":1,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4286\/revisions"}],"predecessor-version":[{"id":4287,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/4286\/r
evisions\/4287"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=4286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=4286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=4286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}