A lightweight Web Application Firewall (WAF) demo that uses machine learning models to detect XSS and SQL Injection attacks. The system includes a Flask frontend, an orchestration API, and trained time series (TS) models. Deployed using Docker Compose for modularity and scalability.
- ✅ Flask-based web UI for testing payloads
- ✅ Real-time ML-powered detection of XSS & SQLi
- ✅ SQLite database with log persistence
- ✅ Displays client IP & location via IP geolocation API
- ✅ Live update of results using Socket.IO
- ✅ Docker Compose orchestration for local development
git clone https://github.com/NirAlon/waf-demo.git
cd waf-demodocker-compose up --buildFrontend will be available at: 👉 http://localhost:8003
-
Users input a test payload and attack type (XSS or SQLi) via the web UI.
-
The Flask app sends the payload to the orchestration API.
-
The orchestrator routes the request to the appropriate ML model.
-
The model returns a score indicating whether the payload is malicious.
-
The result is logged (along with IP/location) and shown in real-time on the dashboard.
-
SQLi:
OR 1=1 -- -
XSS:
<script>alert("XSS ATTACK")</script>
- Python (Flask, SQLAlchemy, requests)
- TensorFlow / Scikit-learn (ML models)
- Chart.js & Bootstrap (Frontend UI)
- Docker & Docker Compose
- Socket.IO (Live updates)
- ipapi.co (for IP geolocation)
MIT License © 2025 Nir Alon
Nir Alon | Backend Engineer | ML Security Enthusiast | Infra Builder