Blog#230: 🔐Implementing Web Application Firewalls (WAF) in Node.js Express

230

Hi, I'm Tuan, a Full-stack Web Developer from Tokyo 😊. Follow my blog to not miss out on useful and interesting articles in the future.

1. Introduction

1.1. Overview of Web Application Firewalls (WAF)

A Web Application Firewall (WAF) is a security solution that helps protect web applications from various types of attacks, such as SQL injection, cross-site scripting (XSS), and remote file inclusion (RFI). A WAF analyzes and filters incoming HTTP/HTTPS traffic, identifying and blocking malicious requests before they reach the web application.

1.2. The Importance of WAF in Node.js Express

Node.js Express is a popular web application framework for building fast, scalable, and flexible web applications. Due to its widespread use, securing Express applications is crucial. Implementing a WAF in Express can significantly enhance the security of your web applications, protecting them from various cyber threats.

2. Web Application Firewall Components

2.1. Rule Sets

Rule sets are collections of rules that the WAF uses to analyze and filter incoming traffic. These rules can be based on the Open Web Application Security Project (OWASP) Core Rule Set (CRS), custom rules, or a combination of both.

2.2. Policies

Policies are the configurations that define how the WAF processes incoming requests. They include settings such as rule set selection, request filtering, and action to be taken when a rule is triggered.

2.3. WAF Modes

A WAF can operate in two modes:

  • Monitoring mode: The WAF analyzes and logs traffic without blocking any requests. This mode is useful for testing and fine-tuning rules.
  • Blocking mode: The WAF actively blocks requests that match the rules defined in the policy.

3. Setting up a Node.js Express Application

Before implementing the WAF, let's set up a basic Node.js Express application.

3.1. Installing Dependencies

Create a new directory for your project and run the following command to initialize a new Node.js project:

npm init -y

Install Express and other required dependencies:

npm install express body-parser helmet

3.2. Creating a Basic Express Application

Create a new file called app.js in your project directory and add the following code:

const express = require('express');
const bodyParser = require('body-parser');
const helmet = require('helmet');

const app = express();

app.use(helmet());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.get('/', (req, res) => {
  res.send('Hello, World!');
});

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server is running on port ${PORT}`);
});

4. Implementing a WAF in Node.js Express

We will implement a WAF in our Node.js Express application using the express-waf package, which is an easy-to-use middleware.

4.1. Installing the express-waf Package

Run the following command to install the express-waf package:

npm install express-waf

4.2. Configuring express-waf Middleware

Add the following code to your app.js file to configure the express-waf middleware:

const expressWaf = require('express-waf');

// Initialize express-waf with the desired configuration
const waf = expressWaf({
    mode: 'blocking',
    ruleSets: {
        owasp: true,
        custom: [
            {
                id: '1001',
                message: 'Custom rule: Block requestswith User-Agent "BadBot"',
                regex: /BadBot/i,
                target: 'headers',
                action: 'block',
            },
        ],
    },
});

// Use express-waf middleware
app.use(waf.middleware);

In the code above, we:

  1. Import the express-waf package.
  2. Initialize the express-waf middleware with the desired configuration. We set the mode to 'blocking', enable the OWASP rule set, and add a custom rule to block requests with the User-Agent header containing "BadBot".
  3. Add the waf.middleware to our Express application.

4.3. Testing the WAF

Now that we have implemented the WAF in our Express application, let's test it by sending a request with a blocked User-Agent header:

  1. Start your Express application:
node app.js

Use a tool like curl to send a request with the blocked User-Agent header:

curl -H "User-Agent: BadBot" http://localhost:3000

You should receive a response indicating that your request was blocked:

{"message":"Request blocked by Web Application Firewall"}

5. Fine-tuning the WAF Configuration

5.1. Switching to Monitoring Mode

To switch the WAF to monitoring mode, update the mode configuration in the express-waf initialization:

const waf = expressWaf({
  mode: 'monitoring',
  // ...other configurations
});

In monitoring mode, the WAF will log blocked requests instead of actively blocking them. This is useful for testing and fine-tuning your rule sets.

5.2. Customizing the Blocked Response

You can customize the response sent to clients when a request is blocked by updating the blockResponse configuration in the express-waf initialization:

const waf = expressWaf({
  // ...other configurations
  blockResponse: {
    status: 403,
    message: 'Access forbidden by Web Application Firewall',
  },
});

In the example above, we set the response status to 403 and update the message to 'Access forbidden by Web Application Firewall'.

Conclusion

In this article, we discussed the importance of implementing a Web Application Firewall (WAF) in a Node.js Express application to enhance security. We learned about the components of a WAF, such as rule sets, policies, and modes. We then demonstrated how to implement a WAF in an Express application using the express-waf middleware, and how to configure and fine-tune the WAF settings.

By incorporating a WAF into your Node.js Express applications, you can significantly improve their security and protect them from a wide range of cyber threats.

And Finally

As always, I hope you enjoyed this article and got something new. Thank you and see you in the next articles!

If you liked this article, please give me a like and subscribe to support me. Thank you. 😊

NGUYỄN ANH TUẤN

Xin chào, mình là Tuấn, một kỹ sư phần mềm đang làm việc tại Tokyo. Đây là blog cá nhân nơi mình chia sẻ kiến thức và kinh nghiệm trong quá trình phát triển bản thân. Hy vọng blog sẽ là nguồn cảm hứng và động lực cho các bạn. Hãy cùng mình học hỏi và trưởng thành mỗi ngày nhé!

Đăng nhận xét

Mới hơn Cũ hơn