Expand description
wafrift-detect — WAF detection and response fingerprint analysis.
Identifies WAFs from response headers and body content. Detects silent blocking via response fingerprint drift analysis.
§Examples
Identify a WAF from a 403 response that carries a vendor header:
use wafrift_detect::detect;
let headers = vec![
("Server".to_string(), "cloudflare".to_string()),
("CF-Ray".to_string(), "abc123-LHR".to_string()),
];
let body = b"<html>Cloudflare blocked your request</html>";
let results = detect(403, &headers, body);
assert!(!results.is_empty(), "should identify Cloudflare");
assert!(
results.iter().any(|r| r.name.to_lowercase().contains("cloudflare")),
"Cloudflare must be in the result set: got {:?}",
results.iter().map(|r| &r.name).collect::<Vec<_>>()
);A clean 200 response with no WAF signatures gives an empty result set:
use wafrift_detect::detect;
let headers = vec![("Server".to_string(), "nginx/1.25.0".to_string())];
let body = b"<html><body>Welcome</body></html>";
let results = detect(200, &headers, body);
assert!(results.is_empty(), "no WAF should match a benign response");Re-exports§
pub use response_fingerprint::FingerprintDrift;pub use waf_detect::DetectConfig;pub use waf_detect::DetectRulesError;pub use waf_detect::DetectedWaf;pub use waf_detect::ProbePayload;pub use waf_detect::ProbeResult;pub use waf_detect::RuleEngine;pub use waf_detect::active_probe;pub use waf_detect::classify_drift;pub use waf_detect::detect;pub use waf_detect::is_blocked_response;pub use waf_detect::reload_rules;pub use waf_detect::suggest_evasion;pub use waf_detect::supported_wafs;
Modules§
- explain
- Per-payload rule attribution.
- response_
fingerprint - Response fingerprinting for silent-block detection.
- waf_
detect - WAF detection from response headers and body.