Hardening Apache APISIX with the OWASP's Coraza and Core Ruleset

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • httpbin

    HTTP Request & Response Service, written in Python + Flask.

  • We proceed to define routes to https://httpbin.org/ to test our setup. Let's call the route to /get:

  • spec

    WebAssembly for Proxies (ABI specification) (by proxy-wasm)

  • OWASP also provides Coraza, a port of ModSecurity available as a Go library. Coraza Proxy Wasm is built on top of Coraza and implements the proxy-wasm ABI, which specifies a set of Wasm interfaces for proxies. Finally, Apache APISIX offers proxy-wasm integration.

  • coreruleset

    OWASP CRS (Official Repository)

  • --OWASP® ModSecurity Core Rule Set website

  • coraza-proxy-wasm

    proxy-wasm filter based on Coraza WAF

  • FROM apache/apisix:3.8.0-debian
    ENV VERSION 0.5.0
    ENV CORAZA_FILENAME coraza-proxy-wasm-${VERSION}.zip
    ADD https://github.com/corazawaf/coraza-proxy-wasm/releases/download/$VERSION/$CORAZA_FILENAME .
    USER root
    RUN <

  • GitHub - ajavageek/apisix-coraza

  • apisix-ingress-controller

    APISIX Ingress Controller for Kubernetes

  • In this post, I'd like to describe how to fix some of them via the Apache APISIX API Gateway.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
