Web Aplication Firewall

About the Project

This project is a high-performance Web Application Firewall (WAF) implemented as a transparent web proxy that analyzes HTTP traffic in real time. Its primary purpose is to detect and block suspicious or malicious requests before they reach backend applications, adding a robust layer of security without altering existing infrastructure.

Built with scalability in mind, the system leverages modern data processing principles and is designed to handle high-throughput environments without noticeable latency impact.

Technologies

• Node.js Cluster – Handles concurrent connections and request routing.
• C Analyzer Processes – Perform CPU-intensive pattern matching using precompiled regex rules.
• Redis – Provides centralized state management and rate limiting.
• Packet Filter (PF) – Enables transparent traffic redirection (macOS setup).

Additional technologies include Bash scripting for deployment, JSON-based rules configuration, and keep-alive connection pooling for optimized throughput.

Goals

The project is designed with two main goals:

1. Accurate Threat Detection – Identify common web attacks such as SQL Injection, XSS, Path Traversal, and Command Injection.
2. High Performance & Real-Time Analysis – Maintain high throughput and low latency even under heavy load.

Architecture

The system follows a clustered proxy architecture:

• A master node initializes the cluster, manages worker processes, and distributes incoming TCP connections.
• Worker nodes handle HTTP traffic, each with:
  • Connection Pool – Reuses TCP connections to minimize handshake overhead.
  • Worker Pool – Manages C-based analyzer processes responsible for deep request inspection.

Requests are analyzed, filtered, and, if safe, forwarded to the backend server. Responses follow the same path back to the client.