Dashboard
About This Application
This is a Network and Host-Based Firewall Web Application — a diploma project that combines multiple security tools into one interface. It allows you to scan network ports, view and manage OS-level firewall rules, control device ports (block/open ports using the operating system's firewall), and operate a Web Application Firewall (WAF) that protects this server in real-time by detecting attacks such as SQL injection, XSS, path traversal, and command injection.
Built with Go (backend) + HTML/CSS/JS (frontend) — runs on Linux, macOS, and Windows
All firewall changes are applied using real OS commands: iptables (Linux), pfctl (macOS), netsh (Windows)
The WAF middleware protects every API request with rate limiting, IP blocking, and attack pattern detection
System Features
Port Scanner
Scans TCP ports on any host concurrently with up to 50 parallel connections. Identifies open, closed, and filtered ports with service names.
System Firewall Rules
Reads live firewall rules from the operating system (iptables, nftables, ufw, pf). Add custom rules directly from the interface.
Device Port Control
Block or open specific ports on this machine using OS firewall commands. Changes persist in the OS firewall engine.
Web Application Firewall
Built-in WAF middleware detects SQL injection, XSS, path traversal, and command injection on every request in real-time.
Audit Logging
Every request is logged with IP, method, path, timestamp, block reason, and attack type. Keeps the last 500 entries in memory.
Vulnerability Tests
10 automated self-tests verify all WAF protections are working: injection attacks, size limits, rate limiting, security headers.
What is Port Scanning?
A port scanner tests which TCP ports on a target host are open (accepting connections), closed (rejecting connections), or filtered (no response, possibly blocked by a firewall). Each port number corresponds to a network service — for example, port 80 is HTTP web traffic, port 22 is SSH remote access, and port 3306 is MySQL database.
Open — the service is running and accepting connections
Closed — no service listening, but host is reachable
Filtered — no response received, likely blocked by firewall
You can scan localhost (this machine), any local network IP (e.g. 192.168.1.1), or a domain name
Port Scanner TCP connect scan · max 100 ports · 50 concurrent
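The open/closed/filtered distinction above comes down to how a single TCP connect attempt ends, which is also how you can confirm that a DROP or REJECT rule on your own host behaves as intended. The following is an added example, not the project's code; `Probe` and `Scan` are hypothetical names, and the `ECONNREFUSED` mapping assumes a Unix-like OS.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"sync"
	"syscall"
	"time"
)

// Probe makes one TCP connect attempt and maps the result to the three states.
func Probe(host string, port int, timeout time.Duration) string {
	addr := net.JoinHostPort(host, strconv.Itoa(port))
	conn, err := net.DialTimeout("tcp", addr, timeout)
	switch {
	case err == nil:
		conn.Close()
		return "open"
	case errors.Is(err, syscall.ECONNREFUSED):
		return "closed" // an RST came back: host reachable, nothing listening
	default:
		return "filtered" // timeout or other failure: no answer from the port
	}
}

// Scan probes ports with at most 50 connections in flight; out[i] belongs to ports[i].
func Scan(host string, ports []int, timeout time.Duration) []string {
	var wg sync.WaitGroup
	sem := make(chan struct{}, 50) // counting semaphore
	out := make([]string, len(ports))
	for i, p := range ports {
		wg.Add(1)
		sem <- struct{}{} // blocks while 50 probes are running
		go func(i, p int) {
			defer wg.Done()
			defer func() { <-sem }()
			out[i] = Probe(host, p, timeout)
		}(i, p)
	}
	wg.Wait()
	return out
}

func main() {
	// Constructed input: three well-known ports on this machine.
	fmt.Println(Scan("127.0.0.1", []int{22, 80, 3306}, 500*time.Millisecond))
}
```

A port blocked with DROP times out and reports as filtered, while one blocked with REJECT typically reports as closed.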

What are Firewall Rules?
Firewall rules are instructions that tell the operating system how to handle incoming and outgoing network traffic. Each rule specifies: which chain (INPUT = incoming, OUTPUT = outgoing, FORWARD = forwarded traffic), what target/action (ACCEPT = allow, DROP = silently block, REJECT = block with error), which protocol (TCP, UDP), and optionally a source IP, destination IP, and port number.
On Linux: uses iptables or nftables — the standard kernel-level packet filtering tools
On macOS: uses pf (Packet Filter) via pfctl command
On Windows: uses Windows Firewall via netsh advfirewall command
The Rule Manager lets you add custom rules directly — requires sudo/admin privileges
Rule Manager Add custom OS-level rules · requires sudo/admin
Host-Based Firewall Control
A host-based firewall controls which network connections are allowed to and from this specific machine. Unlike a network firewall (which sits between networks), a host-based firewall runs directly on the device and protects it individually. When you block a port here, the OS drops all packets arriving at that port — making any service running on it unreachable from the network.
Block Port — adds a firewall rule to DROP all packets to that port (service becomes unreachable)
Open Port — removes the block rule and adds ACCEPT (service becomes reachable again)
Direction: Inbound = traffic coming IN to this machine | Outbound = traffic going OUT from this machine
Requires running the server with sudo (Linux/macOS) or as Administrator (Windows) to apply OS rules
What is a WAF (Web Application Firewall)?
A Web Application Firewall (WAF) sits between clients and your web application, inspecting every HTTP request for malicious patterns. Unlike a network firewall (which only looks at IP addresses and ports), a WAF understands HTTP and can detect application-layer attacks hidden inside request parameters, headers, and body content. This WAF is implemented directly in Go as HTTP middleware — it processes every request before it reaches the API handlers.
SQL Injection — attempts to manipulate database queries via input fields (e.g. ' OR 1=1--)
XSS (Cross-Site Scripting) — injecting malicious scripts into web pages (e.g. <script>alert(1)</script>)
Path Traversal — accessing files outside the web root (e.g. ../../etc/passwd)
Command Injection — executing OS commands through the app (e.g. ;whoami)
Rate Limiting — auto-blocks IPs sending too many requests (default: 60/min, blocks for 5 min)
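A sketch of how detection middleware of this kind can be wired in Go, as an added example rather than the project's own code. The patterns are illustrative assumptions (the real rule set is not shown on the page), and `Classify` and `WAF` are hypothetical names; the 1MB body cap and the 403 response follow the page.

```go
package main

import (
	"bytes"
	"io"
	"net/http"
	"net/url"
	"regexp"
)

// Illustrative patterns only; the project's own rule set is not shown on the page.
var rules = []struct{ Type string; Re *regexp.Regexp }{
	{"SQL", regexp.MustCompile(`(?i)'\s*(or|and)\s+[\w']+\s*=|union\s+select`)},
	{"XSS", regexp.MustCompile(`(?i)<\s*script\b|javascript:|<[^>]+\son\w+\s*=`)},
	{"Path", regexp.MustCompile(`\.\.[/\\]`)},
	{"CMD", regexp.MustCompile(`(?i)[;|]\s*(whoami|id|uname|cat|ls)\b|\$\(`)},
}

// Classify returns the first attack type matching s or its URL-decoded form, else "".
func Classify(s string) string {
	d, _ := url.QueryUnescape(s) // d is "" when s has a malformed escape
	for _, r := range rules {
		if r.Re.MatchString(s) || r.Re.MatchString(d) {
			return r.Type
		}
	}
	return ""
}

// WAF caps the body at 1MB, inspects path, query and body, and answers 403 on a match.
func WAF(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20))
		if err != nil {
			http.Error(w, "body too large", http.StatusRequestEntityTooLarge)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(body)) // hand the body back to the handler
		for _, part := range []string{r.URL.Path, r.URL.RawQuery, string(body)} {
			if t := Classify(part); t != "" {
				http.Error(w, "blocked by WAF: "+t, http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func main() { http.ListenAndServe("127.0.0.1:8080", WAF(http.NotFoundHandler())) } // assumed address
```

Matching both the raw and the URL-decoded form matters because the query string arrives percent-encoded, so `..%2F` only becomes `../` after decoding.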
All Active Protections
WAF Attack Detection

Real-time detection of SQL injection, XSS, path traversal, and command injection using regex pattern matching on URL, query string, and request body

Rate Limiting

Configurable max requests per minute per IP address. Abusive IPs are auto-blocked for a configurable duration.

IP Blocklist

Manually add any IP address to the blocklist. Blocked IPs receive a 403 Forbidden response on every request.

Request Size Limit

All request bodies are capped at 1MB. Oversized requests are rejected to prevent memory exhaustion attacks.

Security Headers

Every response includes: X-Frame-Options: DENY, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Referrer-Policy: no-referrer

Audit Logging

Every request is logged: timestamp, client IP, HTTP method, URL path, allow/block decision, block reason, and detected attack type.
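The Rate Limiting entry above (a per-IP request cap with a timed auto-block) can be implemented as a fixed-window counter. This is an added example, not the project's code; `Limiter` and its fields are hypothetical names, the defaults are the page's 60 requests per minute and 5-minute block, and the clock is passed in so the behaviour can be checked without waiting.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type state struct{ start, blockedUntil time.Time; count int }

// Limiter is a fixed-window per-IP counter with auto-block (hypothetical type).
type Limiter struct {
	mu               sync.Mutex
	Max              int
	Window, BlockFor time.Duration
	seen             map[string]*state
}

// NewLimiter uses the page's defaults: 60 requests per minute, 5-minute block.
func NewLimiter() *Limiter {
	return &Limiter{Max: 60, Window: time.Minute, BlockFor: 5 * time.Minute, seen: map[string]*state{}}
}

// Allow counts one request from ip at time now and reports whether it may pass.
func (l *Limiter) Allow(ip string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	s := l.seen[ip]
	if s == nil || (now.Sub(s.start) >= l.Window && !now.Before(s.blockedUntil)) {
		s = &state{start: now} // first request, or window and block both expired
		l.seen[ip] = s
	}
	if now.Before(s.blockedUntil) {
		return false // block still running; it is not extended
	}
	if s.count++; s.count > l.Max {
		s.blockedUntil = now.Add(l.BlockFor)
		return false
	}
	return true
}

func main() {
	l, now := NewLimiter(), time.Now()
	for i := 1; i <= 70; i++ { // 70 rapid requests, as in the page's self-test
		fmt.Println(i, l.Allow("203.0.113.7", now)) // constructed client IP
	}
}
```

Entries are never evicted in this sketch, so a long-running server would also need a periodic sweep of expired keys to keep the map bounded.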

How to Read the Audit Log
The audit log records every HTTP request that passes through the WAF middleware. For each request you can see: the timestamp, client IP address (supports X-Forwarded-For for proxied requests), HTTP method (GET/POST), request path, whether it was ALLOWED or BLOCKED, the reason for blocking (rate limit, blocklist, attack type), and the detected attack category if applicable. The server stores the last 500 entries in memory; the log shows the most recent 100.
Green = ALLOWED — request passed all WAF checks and reached the API handler
Red = BLOCKED — request was rejected by the WAF before reaching any handler
Attack type badges (SQL, XSS, Path, CMD) indicate which detection rule triggered the block
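The blocklist, the rate limiter and this log are all keyed on the client IP, and X-Forwarded-For is a header any client can set, so one common way to resolve the address is to honour the header only when the direct peer is a known reverse proxy. This is an added example, not the project's code; `ClientIP` and `trustedProxies` are hypothetical names and the proxy range is an assumed value.

```go
package main

import (
	"fmt"
	"net/http"
	"net/netip"
	"strings"
)

// trustedProxies may set X-Forwarded-For (assumed range; list your own proxies).
var trustedProxies = []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")}

func isProxy(a netip.Addr) bool {
	for _, p := range trustedProxies {
		if p.Contains(a.Unmap()) {
			return true
		}
	}
	return false
}

// ClientIP returns the address to rate-limit, block and log for r.
func ClientIP(r *http.Request) string {
	ap, err := netip.ParseAddrPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr // not ip:port (unusual); use it verbatim
	}
	peer := ap.Addr().Unmap()
	if !isProxy(peer) {
		return peer.String() // direct client: any X-Forwarded-For it sent is ignored
	}
	// Read right to left: the first hop that is not one of our proxies is the client.
	hops := strings.Split(strings.Join(r.Header.Values("X-Forwarded-For"), ","), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		a, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			break // malformed entry: stop trusting the header
		}
		if !isProxy(a) {
			return a.Unmap().String()
		}
	}
	return peer.String()
}

func main() {
	r, _ := http.NewRequest("GET", "http://waf.example/api/status", nil)
	r.RemoteAddr = "198.51.100.9:40000" // constructed direct client
	r.Header.Set("X-Forwarded-For", "203.0.113.50")
	fmt.Println(ClientIP(r))
}
```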
Audit Log Last 100 requests · newest first

How the Vulnerability Tests Work
The test runner sends real HTTP requests from the server to itself, using known attack payloads and checking that the WAF correctly blocks them. Each test targets a specific security concern. Tests use a fake X-Forwarded-For IP so they don't interfere with your browser session. The rate limiting test sends 70 rapid requests to verify the 60/min limit kicks in.
PASS (✓) = The protection is working correctly — attacks are blocked or safe behavior confirmed
FAIL (✗) = The protection is NOT working — a vulnerability may exist or a detection is disabled
Severity levels: Critical > High > Medium > Low (reflects impact if the protection were missing)
Run tests any time — they don't affect server data or real users (uses isolated test IPs)
Vulnerability Test Suite 10 tests · SQL · XSS · Path · CMD · Headers · Rate Limit
