akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
d8a6a3e97b24828f262ba4fcd40e3df4963672d5
Charon/docs/features/waf.md
GitHub Actions 3169b05156 fix: skip incomplete system log viewer tests 
- Marked 12 tests as skip pending feature implementation
- Features tracked in GitHub issue #686 (system log viewer feature completion)
- Tests cover sorting by timestamp/level/method/URI/status, pagination controls, filtering by text/level, download functionality
- Unblocks Phase 2 at 91.7% pass rate to proceed to Phase 3 security enforcement validation
- TODO comments in code reference GitHub #686 for feature completion tracking
- Tests skipped: Pagination (3), Search/Filter (2), Download (2), Sorting (1), Log Display (4)
2026-02-09 21:55:55 +00:00

91 lines
3.2 KiB
Markdown
Raw Blame History

---
title: Web Application Firewall (WAF)
description: Protect against OWASP Top 10 vulnerabilities with Coraza WAF
---
# Web Application Firewall (WAF)
Stop common attacks like SQL injection, cross-site scripting (XSS), and path traversal before they reach your applications. Powered by Coraza, the WAF protects your apps from the OWASP Top 10 vulnerabilities.
## Overview
The Web Application Firewall inspects every HTTP/HTTPS request and blocks malicious payloads before they reach your backend services. Charon uses [Coraza](https://coraza.io/), a high-performance, open-source WAF engine compatible with the OWASP Core Rule Set (CRS).
Protected attack types include:
- **SQL Injection** — Blocks database manipulation attempts
- **Cross-Site Scripting (XSS)** — Prevents script injection attacks
- **Path Traversal** — Stops directory traversal exploits
- **Remote Code Execution** — Blocks command injection
- **Zero-Day Exploits** — CRS updates provide protection against newly discovered vulnerabilities
## Why Use This
- **Defense in Depth** — Add a security layer in front of your applications
- **OWASP CRS** — Industry-standard ruleset trusted by enterprises
- **Low Latency** — Coraza processes rules efficiently with minimal overhead
- **Flexible Modes** — Choose between monitoring and active blocking
## Configuration
### Enabling WAF
1. Navigate to **Proxy Hosts**
2. Edit or create a proxy host
3. In the **Security** tab, toggle **Web Application Firewall**
4. Select your preferred mode
### Operating Modes
| Mode | Behavior | Use Case |
|------|----------|----------|
| **Monitor** | Logs threats but allows traffic | Testing rules, reducing false positives |
| **Block** | Actively blocks malicious requests | Production protection |
**Recommendation**: Start in Monitor mode to review detected threats, then switch to Block mode once you're confident in the rules.
### Per-Host Configuration
WAF can be enabled independently for each proxy host:
- Enable for public-facing applications
- Disable for internal services or APIs with custom security
- Mix modes across different hosts as needed
## Zero-Day Protection
The OWASP Core Rule Set is regularly updated to address:
- Newly discovered CVEs
- Emerging attack patterns
- Bypass techniques
Charon includes the latest CRS version and receives updates through container image releases.
## Limitations
The WAF protects **HTTP and HTTPS traffic only**:
| Traffic Type | Protected |
|--------------|-----------|
| HTTP/HTTPS Proxy Hosts | ✅ Yes |
| TCP/UDP Streams | ❌ No |
| Non-HTTP protocols | ❌ No |
For TCP/UDP protection, use [CrowdSec](./crowdsec.md) or network-level firewalls.
## Troubleshooting
| Issue | Solution |
|-------|----------|
| Legitimate requests blocked | Switch to Monitor mode and review logs |
| High latency | Check if complex rules are triggering; consider rule tuning |
| WAF not activating | Verify the proxy host has WAF enabled in Security tab |
## Related
- [CrowdSec Integration](./crowdsec.md) — Behavioral threat detection
- [Access Control](./access-control.md) — IP and geo-based restrictions
- [Proxy Hosts](./proxy-hosts.md) — Configure WAF per host
- [Back to Features](../features.md)
Reference in New Issue View Git Blame Copy Permalink