UNPKG

reqweb

Version:

A powerful Web Application Firewall (WAF) for Node.js.

github.com/taqsblaze/ReqWeb

taqsblaze/ReqWeb

148 lines (101 loc) 4.67 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
![ReqWeb Logo](https://raw.githubusercontent.com/TaqsBlaze/ReqWeb/refs/heads/main/src/logo/logo.webp) --- # **ReqWeb - Web Application Firewall (WAF)** **ReqWeb** is a lightweight and customizable **Web Application Firewall (WAF)** for Node.js. It provides IP-based filtering, request rate limiting, and logging, helping to protect your web applications from malicious traffic and unauthorized access. ## **Features** - **IP Filtering**: Block or allow specific IPs or CIDR ranges. - **Rate Limiting**: Control the frequency of requests to prevent abuse. - **Request Blocking**: Define custom rules to block unwanted requests. - **Logging**: Detailed request logging to monitor security events. - **Easy Integration**: Drop-in middleware for Express.js or any Node.js application. ## **Installation** To install **ReqWeb**, simply run the following command: ```bash npm install reqweb ``` ## **Usage** ### Basic Setup with Express.js 1. **Import the package**: First, require **ReqWeb** in your application: ```javascript const express = require('express'); const reqweb = require('reqweb'); const apiRoutes = require('./web/public/routes/api'); const ipFilter = require('reqweb/src/middlewares/ipFilter'); const ruleEngine = require('reqweb/src/middlewares/ruleEngine'); const logger = require('reqweb/src/middlewares/logger'); ``` 2. **Load Configuration**: **ReqWeb** allows you to customize your configuration by loading a `userConfig.json` file. Here’s an example of how to load it: ```javascript /*user defined rules and configs currently not implementet and working on an interface for easy config*/ const config = configLoader('reqweb/src/config/usertConfig.json'); ``` **Using default config** ```javascript const config = configLoader('reqweb/src/config/defaultConfig.json'); ``` 3. **Apply the Middlewares**: Add the IP filtering middleware to your Express app: ```javascript const app = express(); // Apply WAF middlewares app.use(logger(config)); // Logging middleware app.use(ipFilter(config)); // IP filtering middleware app.use(rateLimiter(config)); // Rate limiting middleware app.use(ruleEngine(config)); // Rule-based request blocking //adding WAF web interface app.use('/reqweb/api', apiRoutes); app.get('/', (req, res) => { res.send('Welcome to Homelab!'); }); //running your app with WAF web interface enabled reqweb.startInterface(app, 3000); ``` ## Accessing ReqWeb web interface with the above setup you will have access to your waf web configuration interface at the following address: `http://localhost:3000/reqweb/api/web` ### Configuration Example In the `userConfig.json` file, you can define the list of blocked and allowed IPs: ```json { "blockedIPs": ["192.168.1.100", "203.0.113.0/24"], "allowedIPs": ["127.0.0.1", "::1"] } ``` ### Customizing the Middleware You can modify or extend the behavior of **ReqWeb** by tweaking the `ipFilter.js` middleware or adding your own custom rules. --- ## **Configuration Options** - **blockedIPs**: Array of IP addresses or CIDR ranges to block (e.g., `["192.168.1.100", "203.0.113.0/24"]`). - **allowedIPs**: (Optional) Array of IP addresses or CIDR ranges that are allowed even if the `blockedIPs` list would block them (e.g., `["127.0.0.1", "::1"]`). ## **Advanced Features** - **Rate Limiting**: Set up rate limiting to avoid abusive requests. - **Logging**: Enable logging using **winston** for better monitoring of requests and events. ### Example of rate-limiting setup: You can extend **ReqWeb** to add rate-limiting by combining it with other libraries like **express-rate-limit**. --- ## **Development & Testing** ### Run Tests To run tests, use **Mocha** and **Chai** for testing: ```bash npm test ``` ### Build the Package If you're using TypeScript or want to transpile code, you can build the project like this: ```bash npm run build ``` --- ## **Contributing** Contributions are welcome! If you have suggestions, bug fixes, or improvements, feel free to submit a pull request. 1. Fork the repository. 2. Create your feature branch (`git checkout -b feature-name`). 3. Commit your changes (`git commit -am 'Add new feature'`). 4. Push to the branch (`git push origin feature-name`). 5. Create a new pull request. --- ## **License** This project is licensed under the Apache License 2.0 License - see the [LICENSE](LICENSE) file for details. ---