Name: Shivansh Verma
Email: shivansh29.sv@gmail.com
LinkedIn: Shivansh Verma
Discord: Shivansh Verma#0471
Phone Number: (+91)7800126821
Time Zone: Indian Standard Time (UTC +5:30)
Organization: OWASP Coraza
Mentor: José Carlos Chávez
Project Size: 350 Hours (Large)
Proposal: GSOC '23 Proposal
The project aims to develop a rate-limiting plugin for Coraza Web Application Firewall V3, making the system resistant to brute-force, DoS and DDoS attacks. Rate limiting is a technique used by computer systems to control the rate of traffic sent or received by a particular entity (such as an application or a user). The goal of rate limiting is to prevent a single entity from overwhelming the system with too many requests at once.
- Ratelimit plugin ✅
- Support for Multizone systems ✅
- Support for Distributed systems ✅
- Tests for the above implementations ✅
- Well written user documentation ✅
- Well written developer documentation (comments within the code and under the hood section) ✅
- Examples for the implementation ✅
- Detailed Benchmarks and Tradeoffs ⭕
- GitHub Repository - Contains PRs, discussions with mentor, user and developer documentation.
- Weekly Reports
I am highly thankful to my mentor for the whole GSoC timeline. He consistently reviewed my code, had discussions about approaches and suggested the best practices and industrial ways of doing things in Go. Some of the things where I have developed a deeper understanding are:
- Golang
  - Using Tickers instead of time.Sleep
  - Concurrency patterns, Mutex Locks and Channels
  - Writing test cases
  - Wrapping the project with Magefile
  - Handling errors in Goroutines
- Ratelimit
  - Algorithms (Leaky Bucket, Window, Sliding Window, Sliding Window Counter, etc.)
  - How distributed ratelimit systems work
  - Its advantages, and practices to follow to have the best ratelimiting experience
- Web Security
The program has helped me to gain industrial experience in Go, and this is just the beginning. I will continue to work alongside Coraza and look out for more open source Go projects, as I am more interested now than ever.