casbin / caswaf Goto Github PK
View Code? Open in Web Editor NEWHTTP & OAuth Gateway and Web Application Firewall (WAF) based on ModSecurity, online demo: https://door.caswaf.com
Home Page: https://caswaf.org
License: Apache License 2.0
HTTP & OAuth Gateway and Web Application Firewall (WAF) based on ModSecurity, online demo: https://door.caswaf.com
Home Page: https://caswaf.org
License: Apache License 2.0
WAF rules are already added in: #19
Need to add a web UI (and CURD) to view, edit and manage WAF rules in web UI
The frontend code (package.json dependencies, app.js, css, etc.) in this repo is buggy
It should mirror the frontend code framework from Casibase: https://github.com/casbin/casibase
There is no Contributors section in readme file .
As we know Contributions are what make the open-source community such an amazing place to learn, inspire, and create.
The Contributors section in a README.md file is important as it acknowledges and gives credit to those who have contributed to a project, fosters community and collaboration, adds transparency and accountability, and helps document the project's history for current and future maintainers. It also serves as a form of recognition, motivating contributors to continue their efforts.
Like Casdoor: https://door.casdoor.com/
Condition should be added to CasWAF as first-class object (Go struct, CURD, list page, edit page, etc.)
Condition can be:
requestUrl.startsWith("/attack") && method == "POST || WAF rule matched"
https://github.com/corazawaf/coraza is a WAF engine in Golang.
It can be used as a library: https://github.com/corazawaf/coraza?tab=readme-ov-file#coraza-core-usage
CasWAF's site traffic can be filtered by importing this library.
Part of: #21
See senario at: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/user-guide/configure-waf-alerting?spm=a2c4g.11186623.0.0.23486c1eFMmu08
Can send Email out via Casdoor Email provider
Action should be added to CasWAF as first-class object (Go struct, CURD, list page, edit page, etc.)
Action can be:
ModSecurity 3.x can be deployed manually via native or Docker ways: https://github.com/SpiderLabs/ModSecurity
CasWAF needs to use Go code to control the start/stop/configure of ModSecurity:
First step would be, writing a Go test to download ModSecurity and run it up
Add a dashboard page like: https://aws.amazon.com/blogs/security/deploy-dashboard-for-aws-waf-minimal-effort/ . It uses the logs as data input.
In this project, is it possible to send packages to caswaf without setting a proxy on the browser or the operating system and only through the URL of the website (ex: caswaf.org/casnode and redirect base on convert casnode to casnode.org), in order to reach the goal in terms of the project's productivity and not disrupting other user's work, etc.?
If it is technically feasible, what way do you suggest?
No need to be exactly the same as Casdoor, use the useful fields and functions
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.