Raptor is a C based open source web application firewall that uses DFA (Deterministic Finite Automata) to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal. It allows you to block some users with the blacklist of IPs (config/blacklist_ip.txt).
$ git clone https://github.com/CoolerVoid/raptor_waf
$ cd raptor_waf; make; bin/raptor
Note: Don’t execute with “cd bin; ./raptor” use full path “bin/raptor”.
Remember: It needs lib pcre to compile.
Up some HTTPd server at port 80 redirect with raptor to port 8883:
$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt
Copy vulnerable PHP code to your web server directory:
$ cp doc/test_dfa/test.php /var/www/html
Now you can test xss attacks at http://localhost:8883/test.php
Other option to run(now with regex, look file config/regex_rules.txt to edit rules):
$ bin/Raptor -h 127.0.0.1 -p 80 -r 8883 -w 0 -o resultwaf -m pcre