gowafp

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 2, 2018 License: MIT Imports: 6 Imported by: 0

README

gowafp

Build Status

A Go WAF (Web Application Firewall) that sits between your webserver (nginx) and your FastCGI application.

nginx <- (tcp) -> gowafp <- (FastCGI) -> PHP-FPM

The goal of this package is to prevent any attacks from reaching the FastCGI application. It should block all SQL injection attempts and filter XSS attempts. Maybe down the road it could also handle CSRF.

An Application and the Web Application Firewall should not be on different servers. While the services out there do a good job, they're expensive and slower. Of course, you could recompile your web server with some additional features, but that is harder to deploy while scaling.

usage

First, you need to have Go get the repo.

go get github.com/levidurfee/gowafp

Below is simple main.go example.

package main

import (
	"github.com/levidurfee/gowafp"
	"log"
	"net/http"
)

func main() {
	http.Handle("/", gowafp.AnalyzeRequest(gowafp.PhpHandler("/app/index.php", "tcp", "127.0.0.1:9000")))

	log.Fatal(http.ListenAndServe(":8080", nil))
}

Then build and run it.

go build main.go
./main

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AnalyzeRequest 

func AnalyzeRequest(next http.Handler) http.Handler

AnalyzeRequest will analyze the request for malicious intent.

func PhpHandler 

func PhpHandler(script string, protocol string, address string) http.Handler

PhpHandler is a net/http Handler that starts the process for passing the request to PHP-FPM.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.