Company News
Socket Joins the OpenJS Foundation
Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.
By Sarah Gooding - Feb 19, 2026
New: Introducing PHP and Composer Support.Read the Announcement →
wafris
Wafris is an open-source Web Application Firewall (WAF) that runs within your Node web application (and other frameworks) powered by Redis.
Wafris for Node Express
Wafris is an open-source Web Application Firewall (WAF) that runs within your Node web application (and other frameworks) powered by Redis.
Paired with Wafris Hub, you can create rules to block malicious traffic from hitting your application.
Rules like:
- Block IP addresses (IPv6 and IPv4) from making requests
- Block on hosts, paths, user agents, parameters, and methods
- Rate limit (throttle) requests
- Visualize inbound traffic and requests
Need a better explanation? Read the overview at: wafris.org
Installation and Configuration
The Wafris Node package creates a middleware function that communicates with a Redis instance that you can insert into your Express application's middleware stack.
Requirements
- redis
- Express
Setup
1. Connect on Wafris Hub
Go to https://wafris.org/hub to create a new account and follow the instructions to link your Redis instance.
Note: In Step 3, you'll use this same Redis URL in your app configuration.
2. Add the middleware to your application
Use your preferred package manager to add node-wafris. For instance, using
npm
npm install https://github.com/Wafris/node-wafris.git
3. Initialize the middleware
Using the node-wafris middleware is fairly straightforward. Simply invoke
the library's exported function with a configuration and use the returned
middleware function in your Express application:
Note: We recommend storing the Redis URL as an environment variable or in a secret management system of your choosing rather than hard coding the string in the initializer.
import express from "express";
import wafrisMiddleware from "wafris";
const app = express();
const redisUrl = process.env.REDIS_URL || "redis://localhost:6379";
const wafrisConfig = { redisUrl };
const wafris = await wafrisMiddleware(wafrisConfig);
app.use("/", wafris);
A few configuration properties are available and all have sensible defaults. See the WafrisConfig type definition for the full list.
Not sure what Redis provider to use? Please read our Wafris Redis Providers Guide
FAQs
Wafris is an open-source Web Application Firewall (WAF) that runs within your Node web application (and other frameworks) powered by Redis.
We found that wafris demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Aug 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Socket Security Analysis Is Now One Click Away on npm
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.
By Sarah Gooding - Feb 19, 2026
Security News
Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack
A compromised npm publish token was used to push a malicious postinstall script in cline@2.3.0, affecting the popular AI coding agent CLI with 90k weekly downloads.
By Sarah Gooding - Feb 18, 2026