A simple Web Application Firewall (WAF)
Last updated 5 years ago by tommapps .
Apache 2 · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install express-waf 
SYNC missed versions from official npm registry.


A small web application firewall for the NodeJS Express framework.


npm install --save express-waf


The constructor expects the configuration for the blocker and optional settings as parameters. Blocker configuration includes:

  • blockTime: A blacklist timeout which indicates the time after that entries from the blacklist will be removed.
  • db: The used database for the blacklist. In the folder "/database" you can find predefined database connectors. If you don't find the connector you need, you may define your own database connector. This connector must define an add-, a remove- and a contains-function.
var ExpressWaf = require('express-waf');

var emudb = new ExpressWaf.EmulatedDB();
var waf = new ExpressWaf.ExpressWaf({
        db: emudb,
        blockTime: 1000
    log: true

After that you can add additional modules to the firewall. Without these modules the firewall won't block any attacks. The basic functionality only includes a blacklist for evil hosts and a logging mechanism for attacks.

Additional modules can be found in the folder "/modules". This includes, for example a module against SQL Injection attacks or a module against CSRF attacks.

For example, this is how to add the CSRF module:

waf.addModule('csrf-module', {
    allowedMethods:['GET', 'POST'],
    refererIndependentUrls: ['/'],
    allowedOrigins: ['']
}, function (error) {

Don't forget to finally add the check method of express-waf as middleware:


If you forget this step your firewall won't do anything! This is it. Your firewall is now configured to be used with your node.js/express application.

List of Modules


All modules can be tested by using the jasmine-node testing framework:

jasmine-node spec/

Code coverage can be calculated with istanbul:

istanbul cover jasmine-node spec/

Current jenkins report for this project:

  • BuildStatus
  • Test
  • LastBuild
  • Coverage

Current Tags

  • 0.1.6                                ...           latest (5 years ago)

8 Versions

  • 0.1.6                                ...           5 years ago
  • 0.1.5                                ...           5 years ago
  • 0.1.4                                ...           6 years ago
  • 0.1.3                                ...           6 years ago
  • 0.1.2                                ...           6 years ago
  • 0.1.1                                ...           6 years ago
  • 0.1.0                                ...           6 years ago
  • 0.0.1                                ...           6 years ago
Maintainers (1)
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 7
Dependencies (5)
Dev Dependencies (3)
Dependents (0)

Copyright 2014 - 2016 © |