
@VermaShivansh
Last active August 27, 2023 20:24
GSoC '23 gist

  Coraza WAF - Ratelimit Plugin

Personal Information

Name: Shivansh Verma
Email: shivansh29.sv@gmail.com
Linkedin: Shivansh Verma
Discord: Shivansh Verma#0471
Phone Number: (+91)7800126821
Time Zone: Indian Standard Time (UTC +5:30)

Project Information

Organization: OWASP Coraza
Mentor: José Carlos Chávez
Project Size: 350 Hours (Large)
Proposal: GSoC '23 Proposal

About Project

Overview

The project aims at developing a rate-limiting plugin for Coraza Web Application Firewall v3, so as to make the protected application resistant to brute-force attacks and to DoS and DDoS attacks. Rate limiting is a technique used by computer systems to control the rate of traffic sent or received by a particular entity (such as an application or a user). The goal of rate limiting is to prevent a single entity from overwhelming the system with too many requests at once: each request is attributed to a key (for example the client IP or an API key), the limiter counts requests per key over a time window, and requests beyond the configured threshold are rejected before they reach the application.
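Rate limiting as described above, shown as an added Go example written for this page (it is not code from the Coraza rate-limit plugin and makes no claim about how that plugin is structured): a sliding-window-counter limiter, one of the algorithms named in the learnings section, keyed by a caller-supplied identity such as a client IP. The `Limit`, `Limiter`, `Allow` and `Sweep` names, the 5-requests-per-minute zone and the 198.51.100.7 address are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Limit describes one rate-limit zone: at most Max requests per Window.
type Limit struct {
	Max    int
	Window time.Duration
}

// counter holds the request count of the current fixed window and the one before it.
type counter struct {
	windowStart time.Time
	current     int
	previous    int
}

// Limiter is an in-process sliding-window-counter limiter keyed by a
// caller-supplied identity (client IP, API key, session ID, ...).
type Limiter struct {
	mu      sync.Mutex
	limit   Limit
	entries map[string]*counter
	now     func() time.Time // injectable clock, so tests need no sleeping
}

// NewLimiter returns a limiter that enforces l for every key independently.
func NewLimiter(l Limit) *Limiter {
	return &Limiter{limit: l, entries: make(map[string]*counter), now: time.Now}
}

// Allow reports whether one more request from key fits under the limit and,
// if so, records it. The mutex makes it safe to call from concurrent handlers.
func (l *Limiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	c, ok := l.entries[key]
	if !ok {
		c = &counter{windowStart: now.Truncate(l.limit.Window)}
		l.entries[key] = c
	}
	l.advance(c, now)
	// Weight the previous window by the fraction of it still inside the
	// sliding window that ends now, then add the current window's count.
	elapsed := now.Sub(c.windowStart)
	weight := 1 - float64(elapsed)/float64(l.limit.Window)
	estimate := float64(c.previous)*weight + float64(c.current)
	if estimate+1 > float64(l.limit.Max) {
		return false
	}
	c.current++
	return true
}

// advance rolls the fixed windows forward once now has left c's window.
// A gap of more than one window means the old counts are stale: drop them.
func (l *Limiter) advance(c *counter, now time.Time) {
	start := now.Truncate(l.limit.Window)
	switch {
	case start.Equal(c.windowStart):
		return
	case start.Sub(c.windowStart) == l.limit.Window:
		c.previous = c.current
	default:
		c.previous = 0
	}
	c.current = 0
	c.windowStart = start
}

// Sweep drops keys idle for more than two windows and returns how many it
// removed. Without it, a client spraying fresh source addresses grows the map without bound.
func (l *Limiter) Sweep() int {
	l.mu.Lock()
	defer l.mu.Unlock()
	cutoff := l.now().Add(-2 * l.limit.Window)
	removed := 0
	for k, c := range l.entries {
		if c.windowStart.Before(cutoff) {
			delete(l.entries, k)
			removed++
		}
	}
	return removed
}

func main() {
	// Constructed burst: 7 requests from one client against a 5-per-minute zone.
	l := NewLimiter(Limit{Max: 5, Window: time.Minute})
	for i := 1; i <= 7; i++ {
		fmt.Printf("request %d allowed=%v\n", i, l.Allow("198.51.100.7"))
	}
}
```

Two caveats a deployment needs on top of this. The counts live in one process, so behind several WAF instances each node would enforce the limit separately; a distributed setup has to keep the counters in a shared store. And if the key is a client IP taken from a forwarding header, only honour headers set by your own proxy, otherwise a client can pick its own bucket and sidestep the limit entirely.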

Final deliverables as intended at the time of the proposal

  • Ratelimit plugin ✅
  • Support for Multizone systems ✅
  • Support for Distributed systems ✅
  • Tests for the above implementations ✅
  • Well written user documentation ✅
  • Well written developer documentation (comments within the code and under the hood section) ✅
  • Examples for the implementation ✅
  • Detailed Benchmarks and Tradeoffs ⭕

Proof of Works Link

Learnings and Takeaways

I am highly thankful to my mentor for the whole GSoC timeline. He consistently reviewed my code, discussed approaches with me and suggested the best practices and industry ways of doing things in Go. Some of the things I have developed a deeper understanding of are:

  • Golang
    • Using Tickers instead of time.Sleep
    • Concurrency patterns, Mutex Locks and Channels.
    • Writing test cases
    • Wrapping the project with Magefile
    • Handling errors in Goroutines
  • Ratelimit
    • Algorithms (Leaky Bucket, Window, Sliding Window, Sliding Window Counter, etc)
    • How distributed ratelimit systems work
    • Its advantages, and practices to follow for the best rate-limiting experience.
  • Web Security

The program has helped me to gain industry experience in Go, and this is just the beginning. I will be continuing to work alongside Coraza and look out for more open-source Go projects, as I am more interested now than ever.
