Octopus WAF – Web Application Firewall Made In C Language And Use Libevent

Click the icon to Follow me:- twitterTelegramRedditDiscord

OctopusWAF 1 octopuswaf2

OctopusWAF is a open source Web application firewall, is made in C language uses libevent to make multiple connections.

First step

Instal lib-pcre, if you use RPM based distros search pcre-devel package, in BSD based search in ports or brew… Need libevent-dev, on RPM distros libevent-devel, Openssl-dev and openssl-devel.

To compile and run OctopusWAF follow this commands:

$ git clone https://github.com/CoolerVoid/OctopusWAF
$ cd OctopusWAF; make
$ bin/OctopusWAF

Example tested on DVWA on simple HTTP channel

$ bin/OctopusWAF -h -r -m horspool --debug

Open your browser in

  • Notes: Don’t execute with “cd bin; ./OctopusWAF” use full path “bin/OctopusWAF”, because binary need load content in config directory. Use HTTP only for WAF usage, this version 0.1 run TLS but don’t have resource to load cert and read TLS requests/responses, if you use TLS the service can lost WAF function and work like reverse proxy.

Tested on Linux but can run in FreeBSD.

Code overview

Language files blank comment code
C 12 324 138 997
C/C++ Header 11 63 70 212
make 1 1 0 30
Markdown 1 6 0 3
SUM: 25 394 208 1242


Resource to load modsec rules https://github.com/SpiderLabs/owasp-modsecurity-crs/

Insert rules to detect XSS

Insert rules to detect SQLi

Insert rules to detect RCE

Insert rules to detect RFI/LFI

Insert rules to detect XXE

Insert rules to detect Anomalys…

Channel for TLS

Cert Load




Download OctopusWAF

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.


Original Source