Published on

WAFs: The Magical Barriers of Cybersecurity

Authors

I've been watching the Japanese anime 'Sousou no Frieren' lately, and at the same time, I've been reviewing the source code for Coraza. It suddenly struck me – isn't the magical world's barrier just like a web application firewall?

In the world of Japanese anime, magical barriers, known as "kekkai," are often used by heroes to protect themselves from monstrous threats. These barriers keep the monsters at bay, only allowing friendly entities to pass through. Now, imagine if we had something similar in the digital world to protect our systems from malicious attacks. Well, we do, and they're called firewalls.

Firewalls function much like these anime barriers. They stand guard at the entrance to your network, scrutinizing incoming and outgoing traffic based on predetermined rules. Just like a barrier that keeps monsters out, a firewall fends off malicious requests, only allowing safe and approved data to pass through.

One of the traditional web firewalls that has long been a part of this frontline defense is ModSecurity. ModSecurity provides real-time application security monitoring and access control. It also offers features like virtual patching, comprehensive HTTP traffic logging, and web application hardening. It's like a fortified barrier bolstered with additional protective charms to ensure maximum security. However, the owner of ModSecurity announced the end of Support for ModSecurity for 2024(refer: Trustwave's blog).

For general web defense requirements, cloud WAF solutions like AWS WAF or Azure WAF are often suitable. Nevertheless, as revealed in articles on Fraktal Blog and Fraktal Blog Part 2, it's evident that Azure WAF was the clear winner and the only service that performed well in blocking real-world attacks in their test.

However, the world of web firewalls is not limited to these options. A promising newcomer, Coraza, is stepping onto the scene, ready to make its mark. Coraza, as detailed in a blog titled Talking about ModSecurity and the new Coraza WAF is a new contender in the web application firewall (WAF) landscape.

Coraza is an implementation of a SecLang engine developed in Go language by Juan Pablo Tosso from Chile. Although it currently only works on the open-source Caddy web server, Coraza is already making waves by passing 100% of the CRS test suite, indicating it's ready for production.

The beauty of Coraza lies in its potential. It aims to become a drop-in replacement for ModSecurity and has plans for Apache and NGINX integration, among many other things. The only hurdle it faces is the lack of a developer community, but the project's potential and appeal may soon attract the needed support. And one more thing, the performance of the newly version of Coraza seems pretty good.(refer: Coraza Benchmarks)

I firmly believe that there's plenty of room for both vendor-specific WAF solutions and open-source alternatives like Coraza to coexist for a long time.

For common web defense needs, the WAF solutions provided by cloud vendors such as AWS WAF or Azure WAF are often sufficient. These services offer comprehensive protection against a wide array of threats and integrate seamlessly with other services on their respective platforms. This makes them an excellent choice for businesses seeking a straightforward, all-in-one solution.

However, every business is unique, and some may have specific security requirements that aren't adequately addressed by these out-of-the-box solutions. This is where solutions like Coraza come into play. Coraza's flexibility and customizability make it an excellent choice for businesses with unique needs. With Coraza-like solutions, businesses can tailor their firewall to their specific requirements, ensuring that their unique security needs are met.