wafrift_detect/lib.rs
1//! wafrift-detect — WAF detection and response fingerprint analysis.
2//!
3//! Identifies WAFs from response headers and body content.
4//! Detects silent blocking via response fingerprint drift analysis.
5//!
6//! # Examples
7//!
8//! Identify a WAF from a 403 response that carries a vendor header:
9//!
10//! ```
11//! use wafrift_detect::detect;
12//!
13//! let headers = vec![
14//! ("Server".to_string(), "cloudflare".to_string()),
15//! ("CF-Ray".to_string(), "abc123-LHR".to_string()),
16//! ];
17//! let body = b"<html>Cloudflare blocked your request</html>";
18//! let results = detect(403, &headers, body);
19//! assert!(!results.is_empty(), "should identify Cloudflare");
20//! assert!(
21//! results.iter().any(|r| r.name.to_lowercase().contains("cloudflare")),
22//! "Cloudflare must be in the result set: got {:?}",
23//! results.iter().map(|r| &r.name).collect::<Vec<_>>()
24//! );
25//! ```
26//!
27//! A clean 200 response with no WAF signatures gives an empty result
28//! set:
29//!
30//! ```
31//! use wafrift_detect::detect;
32//!
33//! let headers = vec![("Server".to_string(), "nginx/1.25.0".to_string())];
34//! let body = b"<html><body>Welcome</body></html>";
35//! let results = detect(200, &headers, body);
36//! assert!(results.is_empty(), "no WAF should match a benign response");
37//! ```
38
39pub mod response_fingerprint;
40pub mod waf_detect;
41
42pub use response_fingerprint::FingerprintDrift;
43pub use waf_detect::{
44 DetectConfig, DetectRulesError, DetectedWaf, ProbePayload, ProbeResult, RuleEngine,
45 active_probe, classify_drift, detect, is_blocked_response, reload_rules, suggest_evasion,
46 supported_wafs,
47};
48
49pub mod explain;