WACElib is the core library of the WACE (WAF with Adaptive Classification Engine) project. It integrates machine learning model outputs with traditional WAF rule signals — like ModSecurity’s OWASP Core Rule Set — to make smarter, more accurate blocking decisions for web transactions. Use WACElib directly in your Go application or via Coraza WAF integration.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/tilsor/ModSecIntl_wace_lib/llms.txt
Use this file to discover all available pages before exploring further.
Quickstart
Get WACElib integrated and analyzing your first transaction in minutes.
Architecture
Understand how WACE combines WAF signals with ML models.
Configuration
Configure model plugins, decision plugins, and logging.
API Reference
Explore the full Go API surface for WACElib.
How WACElib works
WACElib sits alongside your WAF, receiving HTTP transaction data and running it through one or more machine learning model plugins. After collecting model scores, a decision plugin combines those scores with WAF rule signals (such as anomaly scores from ModSecurity) to produce a final block/allow decision.Start a transaction
Call
InitTransaction with a unique transaction ID at the start of each HTTP request.Analyze request and response parts
Call
Analyze one or more times — for request headers, request body, response headers, or response body — passing the relevant ML model IDs.Key features
Plugin-based ML models
Load Go shared-library plugins for any ML model. Swap or extend models without changing application code.
Sync, async, and remote modes
Run models synchronously in-process, asynchronously via NATS queues, or remotely on dedicated inference servers.
Granular payload analysis
Analyze any subset of the HTTP transaction: request headers, request body, response headers, response body, or everything at once.
OpenTelemetry observability
Built-in metrics for model latency and blocked request counts, compatible with any OpenTelemetry-compatible backend.