A practical demonstration of a Web Application Firewall protecting against common web vulnerabilities like SQL Injection, Command Injection, and XSS attacks.
- Real-time request filtering
- Protection against:
  - SQL Injection
  - Command Injection
  - Cross-Site Scripting (XSS)
  - Path Traversal
- Interactive demo forms
- Secure backend implementation
- Responsive Search Bar
- Python 3.10+
- pip package manager
- Modern web browser

- Clone the repository

```bash
git clone https://github.com/utkarsh-404/WAF
cd WAF
```

- Install dependencies

```bash
python -m venv venv
source venv/bin/activate  # Linux/macOS
venv\Scripts\activate     # Windows
pip install -r requirements.txt
```

- Run the application

```bash
# Terminal 1 - Backend Server
python app.py
# Terminal 2 - WAF Proxy
python waf_proxy.py
```

- Access the application
  - Frontend: http://localhost:5000
  - Backend: http://localhost:5001

Try these payloads in the demo forms:

```
' OR 1=1 --
UNION SELECT username, password FROM users --
; ls -la
127.0.0.1 && whoami
<script>alert(1)</script>
javascript:alert(document.cookie)
```

```
├── app.py              # Secure backend application
├── waf_proxy.py        # WAF middleware
├── security.py         # Security utilities
├── requirements.txt    # Dependencies
├── static/             # CSS/JS assets
├── templates/          # HTML templates
└── README.md           # Documentation
```

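
How a filter of this kind can sort the demo payloads above into the four protection categories, shown as an added example that is not the repository's `waf_proxy.py` or `security.py`. The rule set and the names `normalize`, `inspect` and `filter_request` are assumptions, and the path traversal samples are constructed.

```python
import re
from urllib.parse import unquote_plus

# Illustrative rules (assumed; not taken from waf_proxy.py or security.py).
RULES = {
    "sql_injection": re.compile(
        r"'\s*or\s+\d+\s*=\s*\d+|\bunion\s+(all\s+)?select\b", re.I),
    "command_injection": re.compile(r"(;|&&|\|\|?|`|\$\()\s*[a-z./]", re.I),
    "xss": re.compile(r"<\s*script\b|\bjavascript\s*:|\bon\w+\s*=", re.I),
    "path_traversal": re.compile(r"\.\.[/\\]"),
}

# Payloads from the list above, plus one constructed path traversal sample.
DEMO_PAYLOADS = [
    "' OR 1=1 --",
    "UNION SELECT username, password FROM users --",
    "; ls -la",
    "127.0.0.1 && whoami",
    "<script>alert(1)</script>",
    "javascript:alert(document.cookie)",
    "../../etc/passwd",  # constructed sample
]

def normalize(value: str, max_rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded input is inspected decoded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(value: str) -> list[str]:
    """Return the sorted rule categories that the normalized value matches."""
    text = normalize(value)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def filter_request(params: dict[str, str]) -> tuple[int, dict[str, list[str]]]:
    """Return (status, findings): 403 if any parameter matches a rule, else 200."""
    findings = {k: hits for k, v in params.items() if (hits := inspect(v))}
    return (403 if findings else 200), findings

if __name__ == "__main__":
    for payload in DEMO_PAYLOADS:
        print(f"{payload!r:55} -> {inspect(payload)}")
```

Pattern rules like these produce false positives (a search for `a|b` matches the command injection rule) and miss variants they were not written for, which is why the demo pairs the proxy with a secure backend.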
- Fork the repository
- Create your feature branch
- Commit changes
- Push to the branch
- Open a pull request
Distributed under the MIT License. See LICENSE for more information.
This is a demonstration project only. Do not use with:
- Real user data
- Production systems
- Sensitive information
