Web Application Firewall (WAF) is a critical component of modern application security, offering protection against a wide and growing array of well-known threats plus a fast way to mitigate against late-breaking exploits. The de facto WAF standard has long been ModSecurity coupled with the OWASP Core Rule Set (CRS), but that is about to change. The venerable ModSecurity is slated for end of life in 2024, with no clear upgrade path to a new version. As a replacement, OWASP has endorsed Coraza, a newer open source project created by security researcher Juan Pablo Tosso. Coraza is a Seclang engine written in Go that aims to be “fast by default,” extensible and enterprise-ready.
“Fast by default” is critical here, as the WAF engine executes in the path of all inbound and outbound traffic where every millisecond counts. To help make Coraza as fast as possible, Tetrate and Intel have worked together to characterize Coraza’s performance, identify areas of improvement and work with the community to carry out those improvements. And those improvements which we’ve contributed back to open source, have been significant—reducing heap allocations by up to 82% and improving running time up to 45%.
If you want to learn more about what and how it was done, check out this blog post by the people who did it—Sundar Nadathur, Manoj Gopalakrishnan, Ramesh Masavarapu of Intel NEX and our own José Carlos Chávez of Tetrate.