2024-12-21 02:07:02 +01:00
# Patterns: OWASP CRS and Bad Bot Detection rules for web servers
Automate the scraping of **OWASP Core Rule Set (CRS)** patterns and convert them into **Apache, Nginx, Caddy, Traefik and HaProxy** WAF configurations. Additionally, **Bad Bot/User-Agent detection** is integrated to block malicious web crawlers and scrapers.
2024-12-21 01:50:43 +01:00
2024-12-21 02:07:02 +01:00
> [!NOTE]
2024-12-21 01:50:43 +01:00
> This project helps protect web servers against common web attacks like **SQL Injection (SQLi)**, **XSS**, **RCE**, **LFI**, and malicious bots –
---
2024-12-21 01:10:17 +01:00
## 🚀 Project Overview
2024-12-21 01:41:06 +01:00
- **🎯 Goal**: Automate OWASP CRS rule collection and generate WAF configs for **Caddy, Nginx, and Apache** .
- **⚡ Automation**: GitHub Actions fetch rules **daily** and push updated configurations to the repository.
2024-12-21 01:50:43 +01:00
- **🤖 Bad Bot Blocking**: Block harmful bots by generating WAF rules from **public bot lists** .
- **📄 Output**: WAF `.conf` files categorized by attack type (SQLi, XSS, LFI) and bot lists.
---
2024-12-21 01:10:17 +01:00
## 📂 Project Structure
```
patterns/
2024-12-21 01:41:06 +01:00
├── waf_patterns/ # 🔧 Generated WAF config files
│ ├── caddy/ # Caddy WAF configs
│ ├── nginx/ # Nginx WAF configs
│ └── apache/ # Apache WAF configs (ModSecurity)
├── owasp.py # 🕵️ OWASP scraper (fetch CRS rules)
2024-12-21 01:10:17 +01:00
├── owasp2caddy.py # 🔄 Convert OWASP JSON to Caddy WAF configs
2024-12-21 01:41:06 +01:00
├── owasp2nginx.py # 🔄 Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py # 🔄 Convert OWASP JSON to Apache ModSecurity configs
2024-12-21 01:50:43 +01:00
├── badbots.py # 🔄 Generate WAF configs to block bad bots
2024-12-21 01:10:17 +01:00
├── owasp_rules.json # 📊 Fetched OWASP rules (raw)
2024-12-21 01:11:51 +01:00
├── requirements.txt # 🔄 Required tools
2024-12-21 01:10:17 +01:00
└── .github/workflows/ # 🤖 GitHub Actions for automation
└── update_patterns.yml
```
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 🛠️ How It Works
### 🔹 1. Scraping OWASP Rules
- `owasp.py` scrapes the latest OWASP CRS patterns from GitHub.
- Pulls attack patterns for **SQLi** , **XSS** , **RCE** , **LFI** from OWASP CRS `.conf` files.
2024-12-21 01:41:06 +01:00
### 🔹 2. Multi-Platform WAF Config Generation
- **`owasp2caddy.py` ** –
- **`owasp2nginx.py` ** –
- **`owasp2apache.py` ** – **ModSecurity** configurations.
2024-12-21 01:10:17 +01:00
2024-12-21 01:50:43 +01:00
### 🔹 3. Bad Bot/User-Agent Detection
- `badbots.py` fetches **public bot lists** to block malicious crawlers.
- Fallback lists ensure bot detection works even if the main source fails.
- Generates `.conf` files for Caddy, Nginx, and Apache.
### 🔹 4. Automation (GitHub Actions)
- GitHub Actions fetch new rules and bot lists **daily at midnight** .
- Automatically commits and pushes updated `.conf` files for all three platforms (Caddy, Nginx, Apache).
---
2024-12-21 01:10:17 +01:00
## ⚙️ Installation
**1. Clone the Repository:**
```bash
git clone https://github.com/your-username/patterns.git
cd patterns
```
**2. Install Dependencies:**
```bash
pip install -r requirements.txt
```
**3. Run Manually (Optional):**
```bash
python owasp.py
python owasp2caddy.py
2024-12-21 01:41:06 +01:00
python owasp2nginx.py
python owasp2apache.py
2024-12-21 01:50:43 +01:00
python badbots.py
2024-12-21 01:10:17 +01:00
```
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:41:06 +01:00
## 🚀 Usage (Web Server Integration)
### 🔹 1. Caddy WAF Integration
2024-12-21 01:10:17 +01:00
```bash
2024-12-21 01:41:06 +01:00
sudo cp waf_patterns/caddy/*.conf /etc/caddy/
2024-12-21 01:10:17 +01:00
```
2024-12-21 01:41:06 +01:00
Add to **Caddyfile** :
2024-12-21 01:10:17 +01:00
```caddy
2024-12-21 01:41:06 +01:00
import waf_patterns/caddy/*.conf
2024-12-21 01:10:17 +01:00
```
2024-12-21 01:41:06 +01:00
Reload Caddy:
2024-12-21 01:10:17 +01:00
```bash
caddy reload
```
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:41:06 +01:00
### 🔹 2. Nginx WAF Integration
```bash
sudo cp waf_patterns/nginx/*.conf /etc/nginx/waf/
```
Modify Nginx config:
```nginx
server {
include /etc/nginx/waf/*.conf;
location / {
# Other configs...
}
}
```
Reload Nginx:
```bash
sudo nginx -s reload
```
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:41:06 +01:00
### 🔹 3. Apache ModSecurity Integration
```bash
sudo cp waf_patterns/apache/*.conf /etc/modsecurity.d/
```
Add to Apache config:
```apache
IncludeOptional /etc/modsecurity.d/*.conf
```
Restart Apache:
```bash
sudo systemctl restart apache2
```
2024-12-21 01:10:17 +01:00
2024-12-21 01:50:43 +01:00
---
## 🧩 Example Output (Bot Blocker –
**Bot Blocking (waf_patterns/nginx/bots.conf)**:
```nginx
map $http_user_agent $bad_bot {
"~*AhrefsBot" 1;
"~*SemrushBot" 1;
"~*MJ12bot" 1;
default 0;
}
if ($bad_bot) {
return 403;
}
```
---
2024-12-21 01:10:17 +01:00
## 🤖 Automation (GitHub Workflow)
The GitHub Action (`.github/workflows/update_patterns.yml` ) automates updates:
- 🕛 **Runs Daily at Midnight (UTC)**
- 🎯 **Manual Trigger Available** (from GitHub Actions tab)
- 🚀 **Pushes Updated WAF Files** to `waf_patterns/`
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 🔧 Contributing
1. Fork the repository.
2. Create a feature branch (`feature/new-patterns` ).
3. Commit and push changes.
4. Open a pull request (PR).
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 📄 License
This project is licensed under the **MIT License** .
See the [LICENSE ](LICENSE ) file for details.
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 🌐 Resources
- [OWASP CRS GitHub ](https://github.com/coreruleset/coreruleset )
- [Caddy Web Server ](https://caddyserver.com/ )
2024-12-21 01:41:06 +01:00
- [Nginx ](https://nginx.org/ )
- [Apache ModSecurity ](https://modsecurity.org/ )
2024-12-21 01:10:17 +01:00
- [MIT License ](https://opensource.org/licenses/MIT )
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 🚨 Issues
If you encounter any issues, please open a ticket in the [Issues Tab ](https://github.com/your-username/patterns/issues ).
