Go-based Web Application Firewall library with ModSecurity SecLang and OWASP CRS v4 compatibility
- Stars3.6k
- Forks322
- Open Issues101
Apache-2.0
- Go
- Go Template
About OWASP Coraza
OWASP Coraza is an open-source web application firewall library for Go that protects web applications and APIs. It supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set v4, which defends against SQL injection, cross-site scripting, code injection, and other common attacks.
Coraza runs as a library inside a Go program, letting you build security middleware or integrate it with existing web servers. It includes audit loggers, persistence engines, operators, and actions, all extensible through plugins.
The engine deploys on-premise through integrations for Caddy, Proxy-WASM proxies such as Envoy, HAProxy SPOE, and a C library for nginx. It runs on recent Go versions or tinygo, on Linux, Windows, and Mac.
Key features
- Supports ModSecurity SecLang rulesets
- 100% compatible with OWASP CRS v4
- Library for Go applications and middleware
- Audit loggers, persistence engines, operators, and actions
- Integrations for Caddy, Proxy-WASM, HAProxy SPOE, and C library
Details
- First released
- 2020
- Platforms
- Windows · macOS · Linux
- Deployment
- self-hostable
- Language
- Go
- Ruleset compatibility
- ModSecurity SecLang · OWASP CRS v4
- Integrations
- Caddy · Proxy-WASM · HAProxy SPOE