An application-level firewall designed to secure and control network traffic

NullNet-ai/appguard-server

appguard-server

AppGuard is an application-level firewall for general applications.

Client libraries for HTTP and SMTP servers are currently available; support for more applications is planned.

Methodology

AppGuard consists of a Rust-based gRPC server that receives and handles layer 7 network traffic from its clients.

The server is responsible for:

  • logging layer 7 network traffic
  • gathering additional IP information about each TCP connection (e.g., geolocation, ASN, organization, blacklist status), via
    • the ipapi.co API
    • MaxMind databases from ipinfo.io, updated daily
    • the ipsum feed of malicious IP addresses, updated daily
  • matching the traffic against a set of user-defined firewall rules that can be dynamically updated at runtime
  • returning the result of the firewall to the client library

The client libraries are responsible for:

  • sending the layer 7 network traffic to the gRPC server
  • receiving the result of the firewall from the server, and acting accordingly

The contract between the server and the client libraries is defined in the proto/appguard.proto file, which adheres to the Protocol Buffers specification.

Firewall specification

The firewall is defined in a JSON file, which is loaded by the server at startup and can be updated at runtime.

A firewall consists of a collection of expressions.
Each expression is associated with a policy (either allow or deny) and a set of tokens.
The expression's policy is applied if the tokens match the incoming traffic.

Firewall tokens are specified as a mathematical expression made of parentheses, operators (AND, OR), and predicates.
Each predicate consists of a matching condition (e.g., equal, not_equal, lower_than, contains, etc.) and a value.
A predicate refers to a specific field of the analyzed traffic (e.g., the user agent, the source IP, a particular header, the response code, etc.).

For an example of a firewall specification, see the firewall.json file.

Internally, each mathematical expression of the firewall is parsed and converted to its equivalent Reverse Polish Notation (RPN), also known as postfix form.
The RPN form is then used to more efficiently evaluate the expression against the incoming traffic.
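As an added worked example, not code from the appguard-server project, the Rust below takes an infix expression of predicates, AND, OR and parentheses, converts it to RPN with the shunting-yard algorithm, and evaluates the postfix form against constructed request fields with a single stack. The token representation, the field names, the AND-over-OR precedence, the first-match policy selection and the default-allow outcome are assumptions made for this example; the project's actual JSON schema and semantics are in its firewall.json and server source.

```rust
use std::collections::HashMap;

/// A predicate names a traffic field, a matching condition (a subset of the README's) and a value.
#[derive(Clone, Debug)]
enum Cond { Equal, NotEqual, Contains, LowerThan }
#[derive(Clone, Debug)]
struct Predicate { field: &'static str, cond: Cond, value: &'static str }
/// Expression tokens: infix before parsing, postfix (RPN) afterwards.
#[derive(Clone, Debug)]
enum Token { Pred(Predicate), And, Or, LParen, RParen }
#[derive(Clone, Copy, Debug, PartialEq)]
enum Policy { Allow, Deny }

/// AND binds tighter than OR (assumed here; the project's precedence is not documented on this page).
fn precedence(t: &Token) -> u8 { match t { Token::And => 2, Token::Or => 1, _ => 0 } }

/// Shunting-yard: infix tokens to Reverse Polish Notation, rejecting unbalanced parentheses.
fn to_rpn(infix: &[Token]) -> Result<Vec<Token>, String> {
    let (mut out, mut ops): (Vec<Token>, Vec<Token>) = (Vec::new(), Vec::new());
    for tok in infix {
        match tok {
            Token::Pred(_) => out.push(tok.clone()),
            Token::And | Token::Or => {
                // left associative: operators of equal or higher precedence leave the stack first
                while ops.last().map_or(false, |top| matches!(top, Token::And | Token::Or) && precedence(top) >= precedence(tok)) {
                    out.push(ops.pop().unwrap());
                }
                ops.push(tok.clone());
            }
            Token::LParen => ops.push(tok.clone()),
            Token::RParen => loop {
                match ops.pop() {
                    Some(Token::LParen) => break,
                    Some(op) => out.push(op),
                    None => return Err("unbalanced ')'".into()),
                }
            },
        }
    }
    while let Some(op) = ops.pop() {
        if matches!(op, Token::LParen) { return Err("unbalanced '('".into()); }
        out.push(op);
    }
    Ok(out)
}

/// Evaluate one predicate against a request. A field the request lacks never matches, and
/// lower_than compares numerically (e.g. the response code), so non-numeric values never match.
fn eval_pred(p: &Predicate, req: &HashMap<&str, String>) -> bool {
    let actual = match req.get(p.field) { Some(v) => v, None => return false };
    match p.cond {
        Cond::Equal => actual == p.value,
        Cond::NotEqual => actual != p.value,
        Cond::Contains => actual.contains(p.value),
        Cond::LowerThan => matches!((actual.parse::<i64>(), p.value.parse::<i64>()), (Ok(a), Ok(b)) if a < b),
    }
}

/// Evaluate an RPN token list with a single boolean stack (one left-to-right pass per request).
fn eval_rpn(rpn: &[Token], req: &HashMap<&str, String>) -> Result<bool, String> {
    let mut stack: Vec<bool> = Vec::new();
    for tok in rpn {
        match tok {
            Token::Pred(p) => stack.push(eval_pred(p, req)),
            Token::And | Token::Or => match (stack.pop(), stack.pop()) {
                (Some(b), Some(a)) => stack.push(if matches!(tok, Token::And) { a && b } else { a || b }),
                _ => return Err("operator without two operands".into()),
            },
            _ => return Err("parenthesis left in RPN".into()),
        }
    }
    if stack.len() == 1 { Ok(stack[0]) } else { Err("malformed expression".into()) }
}

/// The first matching expression's policy wins; unmatched traffic is allowed (assumed semantics).
struct Firewall { rules: Vec<(Policy, Vec<Token>)> }
impl Firewall {
    fn decide(&self, req: &HashMap<&str, String>) -> Result<Policy, String> {
        for (policy, rpn) in &self.rules {
            if eval_rpn(rpn, req)? { return Ok(*policy); }
        }
        Ok(Policy::Allow)
    }
}

fn pred(field: &'static str, cond: Cond, value: &'static str) -> Token { Token::Pred(Predicate { field, cond, value }) }

/// Constructed rule (not taken from firewall.json):
/// deny if (source_ip == 203.0.113.7 OR user_agent contains "BadBot") AND path != "/health".
fn sample_firewall() -> Firewall {
    let infix = vec![Token::LParen, pred("source_ip", Cond::Equal, "203.0.113.7"), Token::Or,
        pred("user_agent", Cond::Contains, "BadBot"), Token::RParen, Token::And, pred("path", Cond::NotEqual, "/health")];
    Firewall { rules: vec![(Policy::Deny, to_rpn(&infix).expect("valid expression"))] }
}

/// Constructed request fields standing in for the logged layer 7 traffic.
fn request(ip: &str, ua: &str, path: &str) -> HashMap<&'static str, String> {
    HashMap::from([("source_ip", ip.to_string()), ("user_agent", ua.to_string()), ("path", path.to_string())])
}
```

`sample_firewall().decide(&request("203.0.113.7", "Mozilla/5.0", "/admin"))` yields `Ok(Policy::Deny)`, while the same client hitting `/health` is allowed. The point of the conversion is that parentheses and precedence are resolved once, when the rule is loaded (and malformed rules such as unbalanced parentheses are rejected at that moment rather than per request), so the per-request hot path is one pass over the postfix tokens with a single stack.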
