Blog#230: 🔐Implementing Web Application Firewalls (WAF) in Node.js Express


Posted by: NGUYỄN ANH TUẤN

From Viblo Asia


Hi, I'm Tuan, a Full-stack Web Developer from Tokyo 😊. Follow my blog to not miss out on useful and interesting articles in the future.

1. Introduction

1.1. Overview of Web Application Firewalls (WAF)

A Web Application Firewall (WAF) is a security solution that helps protect web applications from various types of attacks, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI). A WAF analyzes and filters incoming HTTP/HTTPS traffic, identifying and blocking malicious requests before they reach the web application.

1.2. The Importance of WAF in Node.js Express

Node.js Express is a popular web application framework for building fast, scalable, and flexible web applications. Due to its widespread use, securing Express applications is crucial. Implementing a WAF in Express can significantly enhance the security of your web applications, protecting them from various cyber threats.

2. Web Application Firewall Components

2.1. Rule Sets

Rule sets are collections of rules that the WAF uses to analyze and filter incoming traffic. These rules can be based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS), custom rules, or a combination of both.

2.2. Policies

Policies are the configurations that define how the WAF processes incoming requests. They include settings such as rule set selection, request filtering, and action to be taken when a rule is triggered.

2.3. WAF Modes

A WAF can operate in two modes:

  • Monitoring mode: The WAF analyzes and logs traffic without blocking any requests. This mode is useful for testing and fine-tuning rules.
  • Blocking mode: The WAF actively blocks requests that match the rules defined in the policy.

3. Setting up a Node.js Express Application

Before implementing the WAF, let's set up a basic Node.js Express application.

3.1. Installing Dependencies

Create a new directory for your project and run the following command to initialize a new Node.js project:

npm init -y

Install Express and other required dependencies:

npm install express body-parser helmet

3.2. Creating a Basic Express Application

Create a new file called app.js in your project directory and add the following code:

const express = require('express');
const bodyParser = require('body-parser');
const helmet = require('helmet');

const app = express();

// Security headers first, then body parsing for JSON and form posts
app.use(helmet());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.get('/', (req, res) => {
  res.send('Hello, World!');
});

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

4. Implementing a WAF in Node.js Express

We will implement a WAF in our Node.js Express application using the express-waf package, which is an easy-to-use middleware.

4.1. Installing the express-waf Package

Run the following command to install the express-waf package:

npm install express-waf

4.2. Configuring express-waf Middleware

Add the following code to your app.js file, before the route definitions, so that the express-waf middleware inspects every request before a handler runs:

const expressWaf = require('express-waf');

// Initialize express-waf with the desired configuration
const waf = expressWaf({
  mode: 'blocking',
  ruleSets: {
    owasp: true,
    custom: [
      {
        id: '1001',
        message: 'Custom rule: Block requests with User-Agent "BadBot"',
        regex: /BadBot/i,
        target: 'headers',
        action: 'block',
      },
    ],
  },
});

// Use express-waf middleware
app.use(waf.middleware);

In the code above, we:

  1. Import the express-waf package.
  2. Initialize the express-waf middleware with the desired configuration. We set the mode to 'blocking', enable the OWASP rule set, and add a custom rule to block requests with the User-Agent header containing "BadBot".
  3. Add the waf.middleware to our Express application.

4.3. Testing the WAF

Now that we have implemented the WAF in our Express application, let's test it by sending a request with a blocked User-Agent header:

  1. Start your Express application:

node app.js

  2. Use a tool like curl to send a request with the blocked User-Agent header:

curl -H "User-Agent: BadBot" http://localhost:3000

You should receive a response indicating that your request was blocked:

{"message":"Request blocked by Web Application Firewall"}

5. Fine-tuning the WAF Configuration

5.1. Switching to Monitoring Mode

To switch the WAF to monitoring mode, update the mode configuration in the express-waf initialization:

const waf = expressWaf({
  mode: 'monitoring',
  // ...other configurations
});

In monitoring mode, the WAF logs requests that match a rule instead of blocking them. This is useful for testing and fine-tuning your rule sets: you can review the logged matches, adjust rules that produce false positives, and then switch back to blocking mode.

5.2. Customizing the Blocked Response

You can customize the response sent to clients when a request is blocked by updating the blockResponse configuration in the express-waf initialization:

const waf = expressWaf({
  // ...other configurations
  blockResponse: {
    status: 403,
    message: 'Access forbidden by Web Application Firewall',
  },
});

In the example above, we set the response status to 403 and update the message to 'Access forbidden by Web Application Firewall'.
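To make the concepts from sections 2.3, 4.2, 5.1 and 5.2 concrete in one place, here is an added example of a small rule-based WAF middleware written for this article's review. It is not the express-waf package and not the author's code; every name in it (createWaf, evaluateRequest, simulate, RULES) is this example's own. It assumes the request shape Express produces (req.headers with lowercased header names, req.query, req.body after body-parser, req.path), and it runs without a server by driving the middleware with a constructed request.

```javascript
// Added example (not the express-waf package and not the article's code): a
// small rule-based WAF middleware showing how rule sets, policies, modes and
// the block response fit together. All names here are this example's own.

// Default block response, overridable through the blockResponse option.
const DEFAULT_BLOCK_RESPONSE = {
  status: 403,
  message: 'Request blocked by Web Application Firewall',
};

// A rule set: each rule names where in the request to look (target) and what
// pattern counts as a hit. Regexes deliberately carry no 'g' flag, because a
// global regex keeps lastIndex state between .test() calls and would skip hits.
const RULES = [
  { id: '1001', message: 'User-Agent "BadBot" is denied', regex: /BadBot/i, target: 'headers', action: 'block' },
  { id: '1002', message: 'Script tag in request body', regex: /<script\b/i, target: 'body', action: 'block' },
  { id: '1003', message: 'Directory traversal in path', regex: /(^|\/)\.\.(\/|$)/, target: 'path', action: 'block' },
];

// Walk strings, numbers, arrays and nested objects (query and body parsers
// produce all of these) and return every scalar as a string for matching.
function stringValues(value, out = []) {
  if (value === null || value === undefined) return out;
  if (typeof value === 'string') out.push(value);
  else if (typeof value === 'number' || typeof value === 'boolean') out.push(String(value));
  else if (Array.isArray(value)) value.forEach((v) => stringValues(v, out));
  else if (typeof value === 'object') Object.values(value).forEach((v) => stringValues(v, out));
  return out;
}

// Map a rule's target onto the fields Express populates on req.
function targetValues(req, target) {
  switch (target) {
    case 'headers': return stringValues(req.headers);
    case 'query': return stringValues(req.query);
    case 'body': return stringValues(req.body);
    case 'path': return [req.path || ''];
    default: return [];
  }
}

// Evaluate a rule set against a request; returns the first matching rule or null.
function evaluateRequest(rules, req) {
  for (const rule of rules) {
    if (targetValues(req, rule.target).some((v) => rule.regex.test(v))) return rule;
  }
  return null;
}

// Build an Express middleware from a policy: mode, rule set and block response.
// In 'monitoring' mode hits are only logged and the request continues; in
// 'blocking' mode a hit whose action is 'block' ends the request.
function createWaf({ mode = 'blocking', rules = RULES, blockResponse = {}, logger = console } = {}) {
  if (mode !== 'blocking' && mode !== 'monitoring') {
    throw new Error(`Unknown WAF mode: ${mode}`);
  }
  const response = { ...DEFAULT_BLOCK_RESPONSE, ...blockResponse };
  return function wafMiddleware(req, res, next) {
    const hit = evaluateRequest(rules, req);
    if (!hit) return next();
    logger.warn(`[waf] mode=${mode} rule=${hit.id} ${req.method} ${req.path}: ${hit.message}`);
    if (mode === 'monitoring' || hit.action !== 'block') return next();
    return res.status(response.status).json({ message: response.message, ruleId: hit.id });
  };
}

// Drive the middleware with a constructed request and a minimal fake res so the
// behaviour can be observed without starting a server. Returns what the client
// would see: whether the request passed, and the status/body if it was blocked.
function simulate(middleware, req) {
  const result = { passed: false, status: null, body: null };
  const res = {
    status(code) { result.status = code; return this; },
    json(payload) { result.body = payload; return this; },
  };
  middleware(req, res, () => { result.passed = true; });
  return result;
}

// Constructed sample request, the same one the curl command in section 4.3 sends.
const badBotRequest = {
  method: 'GET',
  path: '/',
  headers: { 'user-agent': 'BadBot/1.0' },
  query: {},
  body: {},
};

// In a real app: app.use(createWaf({ mode: 'blocking' })) before the routes.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(simulate(createWaf({ mode: 'blocking' }), badBotRequest));
  console.log(simulate(createWaf({ mode: 'monitoring' }), badBotRequest));
}
```

The rule targets mirror the layers body-parser and Express expose, so a rule that inspects the body only sees parsed content: if the middleware is registered before body-parser, req.body is undefined and body rules silently never match. Register it after the parsers and before the routes, and keep the logger output from monitoring mode as the evidence for tuning rules before switching to blocking.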

Conclusion

In this article, we discussed the importance of implementing a Web Application Firewall (WAF) in a Node.js Express application to enhance security. We learned about the components of a WAF, such as rule sets, policies, and modes. We then demonstrated how to implement a WAF in an Express application using the express-waf middleware, and how to configure and fine-tune the WAF settings.

By incorporating a WAF into your Node.js Express applications, you can significantly improve their security and protect them from a wide range of cyber threats.

And Finally

As always, I hope you enjoyed this article and got something new. Thank you and see you in the next articles!

If you liked this article, please give me a like and subscribe to support me. Thank you. 😊
