Project description

Flask-WAF

Flask-WAF is an advanced Web Application Firewall (WAF) extension for Flask applications. It provides comprehensive protection against various web application threats, enhancing the security of your Flask-based web applications.

Table of Contents

  1. Features
  2. Installation
  3. Quick Start
  4. Configuration
  5. Advanced Usage
  6. API Reference
  7. Contributing
  8. License

Features

  • Advanced rule engine for detecting and blocking malicious requests
  • Session protection to prevent session hijacking and fixation attacks
  • Content Security Policy (CSP) implementation
  • Threat intelligence integration
  • Anomaly detection to identify unusual patterns
  • Rate limiting to prevent abuse
  • Comprehensive logging
  • Customizable security rules and policies

Installation

You can install Flask-WAF using pip:

pip install flask-waf

Alternatively, you can install from source:

git clone https://github.com/yourusername/flask-waf.git
cd flask-waf
pip install -e .

Quick Start

Here's a simple example of how to use Flask-WAF:

from flask import Flask
from flask_waf import WAF

app = Flask(__name__)
app.config['SECRET_KEY'] = 'your-secret-key'  # Required for session handling
waf = WAF(app)

@app.route('/')
def hello_world():
    return 'Hello, World!'

if __name__ == '__main__':
    # debug=True is for local development only: the Werkzeug debugger exposes
    # an interactive console and must never be enabled on a reachable host.
    app.run(debug=True)

This basic setup will apply default WAF protection to your Flask application.

Configuration

Flask-WAF can be configured using a JSON file or by passing a dictionary to the WAF constructor. Here's an example configuration:

waf_config = {
    "max_request_size": 1048576,  # 1MB
    "allowed_content_types": [
        "application/x-www-form-urlencoded",
        "application/json",
        "multipart/form-data"
    ],
    "max_url_length": 2083,
    "max_query_params": 100,
    "max_headers": 100,
    "required_headers": ["Host", "User-Agent"],
    "rate_limit": 100,  # requests per minute
    "session_protection": True,
    "content_security_policy": {
        "default-src": ["'self'"],
        # 'unsafe-inline' weakens the XSS protection CSP provides; drop it once
        # inline scripts and styles have been moved into static files.
        "script-src": ["'self'", "'unsafe-inline'"],
        "style-src": ["'self'", "'unsafe-inline'"],
    },
    "anomaly_detection": {
        "request_threshold": 10,
        "time_window": 60
    }
}

waf = WAF(app, config=waf_config)

You can also load the configuration from a JSON file:

waf = WAF(app, config_file='waf_config.json')
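To make concrete what the structural keys in waf_config enforce, here is an added, stand-alone check that mirrors those limits; it is example code, not part of Flask-WAF. The request dict shape (url, headers, query, body) and the function names media_type and check_limits are assumptions of this example; note that the content type is compared on its media type only, so "application/json; charset=utf-8" still passes the allow-list.

```python
from typing import Dict, List, Optional

# Constructed copy of the limits from the configuration above; keys mirror waf_config.
LIMITS = {
    "max_request_size": 1048576,
    "allowed_content_types": [
        "application/x-www-form-urlencoded",
        "application/json",
        "multipart/form-data",
    ],
    "max_url_length": 2083,
    "max_query_params": 100,
    "max_headers": 100,
    "required_headers": ["Host", "User-Agent"],
}


def media_type(content_type: Optional[str]) -> str:
    """Strip parameters ('; charset=utf-8', '; boundary=...') and lower-case,
    so 'Application/JSON; charset=UTF-8' compares equal to 'application/json'."""
    if not content_type:
        return ""
    return content_type.split(";", 1)[0].strip().lower()


def check_limits(req: Dict, limits: Dict = LIMITS) -> List[str]:
    """Return the names of violated limits for a request given as a plain dict
    (hypothetical shape: url, headers, query, body). Empty list means it passed."""
    violations = []
    # Header names are case-insensitive, so compare them lower-cased.
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    body = req.get("body", b"")
    if len(body) > limits["max_request_size"]:
        violations.append("max_request_size")
    if len(req.get("url", "")) > limits["max_url_length"]:
        violations.append("max_url_length")
    if len(req.get("query", {})) > limits["max_query_params"]:
        violations.append("max_query_params")
    if len(headers) > limits["max_headers"]:
        violations.append("max_headers")
    for name in limits["required_headers"]:
        if name.lower() not in headers:
            violations.append(f"missing_header:{name}")
    # Only enforce the content-type allow-list when there is a body to parse.
    if body and media_type(headers.get("content-type")) not in limits["allowed_content_types"]:
        violations.append("allowed_content_types")
    return violations
```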

Advanced Usage

Custom Rules

You can add custom rules to the WAF's rule engine:

from flask_waf import WAF, Rule

waf = WAF(app)

custom_rule = Rule(
    name='Custom SQL Injection Check',
    pattern=r'UNION\s+SELECT',
    locations=['params', 'form', 'json'],
    severity='high',
    description='Detected potential SQL injection attempt'
)

waf.rule_engine.add_rule(custom_rule)
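The following added example shows how a rule with the fields above (name, pattern, locations, severity) can be evaluated against the request locations it names; it is illustrative code, not Flask-WAF's own Rule or RuleEngine, whose matching semantics may differ. SimpleRule, flatten and check_request are hypothetical names; the example compiles patterns case-insensitively (so "union select" is caught, not only "UNION SELECT") and flattens nested JSON so a payload buried in a sub-object is still inspected.

```python
import re
from dataclasses import dataclass, field
from typing import Any, Dict, Iterator, List, Tuple


@dataclass
class SimpleRule:
    """Hypothetical stand-in for flask_waf.Rule with the same constructor fields."""
    name: str
    pattern: str
    locations: List[str]
    severity: str = "medium"
    description: str = ""
    regex: re.Pattern = field(init=False, repr=False)

    def __post_init__(self) -> None:
        # Compile once; IGNORECASE so case variations of the keyword still match.
        self.regex = re.compile(self.pattern, re.IGNORECASE)


def flatten(value: Any, path: str = "") -> Iterator[Tuple[str, str]]:
    """Yield (path, text) for every scalar inside nested dicts/lists."""
    if isinstance(value, dict):
        for k, v in value.items():
            yield from flatten(v, f"{path}.{k}" if path else str(k))
    elif isinstance(value, (list, tuple)):
        for i, v in enumerate(value):
            yield from flatten(v, f"{path}[{i}]")
    else:
        yield path, str(value)


def check_request(request: Dict[str, Any], rules: List[SimpleRule]) -> List[Dict[str, str]]:
    """Run each rule over the locations it names. `request` is a constructed dict
    with optional keys 'params', 'form' and 'json' (an assumption of this example)."""
    findings = []
    for rule in rules:
        for location in rule.locations:
            for path, text in flatten(request.get(location, {})):
                if rule.regex.search(text):
                    findings.append({"rule": rule.name, "severity": rule.severity,
                                     "location": f"{location}:{path}"})
    return findings


# The rule from the snippet above, expressed with the hypothetical class.
UNION_RULE = SimpleRule(name="Custom SQL Injection Check", pattern=r"UNION\s+SELECT",
                        locations=["params", "form", "json"], severity="high",
                        description="Detected potential SQL injection attempt")
```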

Threat Intelligence Integration

You can update the threat intelligence module with custom malicious patterns:

waf.threat_intel.add_malicious_pattern(r'malware\.com')
waf.threat_intel.add_malicious_ip_range('192.0.2.0', '192.0.2.255')

Logging

Flask-WAF provides comprehensive logging. You can customize the log file location:

waf.logger.set_log_file('/path/to/waf.log')

API Reference

WAF Class

The main class for initializing the Web Application Firewall.

class WAF:
    def __init__(self, app=None, config=None, config_file=None):
        ...

    def init_app(self, app):
        ...

    def check_request(self):
        ...

    def add_security_headers(self, response):
        ...

Rule Class

Used for defining custom security rules.

class Rule:
    def __init__(self, name, pattern, locations, severity='medium', description=''):
        ...

    def check(self, data):
        ...

RuleEngine Class

Manages and applies security rules.

class RuleEngine:
    def add_rule(self, rule):
        ...

    def remove_rule(self, rule_name):
        ...

    def check_request(self, request):
        ...

For a complete API reference, please refer to the API documentation.

Contributing

We welcome contributions! Please see our contributing guide for more details.

License

Flask-WAF is released under the MIT License. See the LICENSE file for more details.

Download files

Source Distribution

flask_waf-2.1.0.tar.gz (9.7 kB), uploaded via twine/6.1.0 CPython/3.9.23; Trusted Publishing: No

Hashes for flask_waf-2.1.0.tar.gz

  • SHA256: ad218f082437a5516b832581f37b44783679384e7cdaf4fc3fa1e91e39084020
  • MD5: 99844b4da75925f867c7709d9e2b7e16
  • BLAKE2b-256: b928b243b47c89f122657a6b6a9cd9588e4327d3d8da1ce0a6f7b4e6e704fc7d

Built Distribution

flask_waf-2.1.0-py3-none-any.whl (10.8 kB, Python 3), uploaded via twine/6.1.0 CPython/3.9.23; Trusted Publishing: No

Hashes for flask_waf-2.1.0-py3-none-any.whl

  • SHA256: 88f94606103637b5bd0c5eb1a35c3652f0836485c9baf40f430a686e43800e71
  • MD5: f39d8eae4bc2a5c0b470d6ae3dc47214
  • BLAKE2b-256: 9abaa0916d66aa6e23cb98f99ef586219126d5c9b6cabc2e030a881506d18f2c