2024-12-21 09:14:46 +01:00
# 🔒 Patterns: OWASP CRS and Bad Bot Detection for Web Servers
2024-12-30 00:11:41 +01:00
2025-01-02 13:56:42 +01:00
Automate the scraping of **OWASP Core Rule Set (CRS)** patterns and convert them into **Apache, Nginx, Traefik, and HAProxy** WAF configurations.
2024-12-21 09:14:46 +01:00
Additionally, **Bad Bot/User-Agent detection** is integrated to block malicious web crawlers and scrapers.
2024-12-21 01:50:43 +01:00
2024-12-21 09:14:46 +01:00
> 🚀 **Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots –
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
2024-12-21 09:14:46 +01:00
## 📌 Project Highlights
- **🛡️ OWASP CRS Protection** –
- **🤖 Bad Bot Blocking** –
2025-01-02 19:08:47 +01:00
- **⚙️ Multi-Web Server Support** – **Apache, Nginx, Traefik, and HAProxy** .
2024-12-21 09:14:46 +01:00
- **🔄 Automatic Updates** – **daily** and push updated configs.
2025-01-03 13:52:23 +01:00
- **📦 Pre-Generated Configurations** – GitHub Releases ](https://github.com/fabriziosalmi/patterns/releases ).
2024-12-30 00:11:41 +01:00
- **🧩 Scalable and Modular** –
2024-12-21 09:14:46 +01:00
---
## 🌐 Supported Web Servers
- **🔵 Nginx**
- **🟠 Apache (ModSecurity)**
- **🟣 Traefik**
- **🔴 HAProxy**
2024-12-21 01:50:43 +01:00
2025-01-02 19:08:12 +01:00
> [!NOTE]
2025-01-03 13:52:23 +01:00
> If you are using Caddy, check the [caddy-waf](https://github.com/fabriziosalmi/caddy-waf) project.
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 📂 Project Structure
```
patterns/
2024-12-21 01:41:06 +01:00
├── waf_patterns/ # 🔧 Generated WAF config files
│ ├── nginx/ # Nginx WAF configs
2024-12-21 09:14:46 +01:00
│ ├── apache/ # Apache WAF configs (ModSecurity)
│ ├── traefik/ # Traefik WAF configs
│ └── haproxy/ # HAProxy WAF configs
│── import_apache_waf.py
│── import_haproxy_waf.py
│── import_nginx_waf.py
│── import_traefik_waf.py
2024-12-21 01:41:06 +01:00
├── owasp.py # 🕵️ OWASP scraper (fetch CRS rules)
├── owasp2nginx.py # 🔄 Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py # 🔄 Convert OWASP JSON to Apache ModSecurity configs
2024-12-21 09:14:46 +01:00
├── owasp2haproxy.py # 🔄 Convert OWASP JSON to HAProxy WAF configs
├── badbots.py # 🤖 Generate WAF configs to block bad bots
├── requirements.txt # 📄 Required dependencies
2024-12-21 01:10:17 +01:00
└── .github/workflows/ # 🤖 GitHub Actions for automation
└── update_patterns.yml
```
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
## 🛠️ How It Works
### 🔹 1. Scraping OWASP Rules
2024-12-21 09:14:46 +01:00
- **`owasp.py` ** scrapes the latest OWASP CRS patterns from GitHub.
- Extracts **SQLi, XSS, RCE, LFI** patterns from OWASP CRS `.conf` files.
2024-12-21 01:10:17 +01:00
2024-12-21 09:14:46 +01:00
### 🔹 2. Generating WAF Configs for Each Platform
- **`owasp2nginx.py` ** – **Nginx WAF** configurations.
- **`owasp2apache.py` ** – **Apache ModSecurity** rules.
- **`owasp2traefik.py` ** – **Traefik WAF** rules.
- **`owasp2haproxy.py` ** – **HAProxy ACL** files.
2024-12-21 01:10:17 +01:00
2024-12-21 01:50:43 +01:00
### 🔹 3. Bad Bot/User-Agent Detection
2024-12-21 09:14:46 +01:00
- **`badbots.py` ** fetches public bot lists and generates bot-blocking configs.
- Supports fallback lists to ensure reliable detection.
2024-12-21 01:50:43 +01:00
2025-01-03 13:52:23 +01:00
---
2025-01-03 13:24:40 +01:00
2025-01-03 13:52:23 +01:00
## ⚙️ Installation
2025-01-03 13:24:40 +01:00
2025-01-03 13:52:23 +01:00
### Option 1: Download Pre-Generated Configurations
You can download the latest pre-generated WAF configurations directly from the [GitHub Releases ](https://github.com/fabriziosalmi/patterns/releases ) page.
2025-01-03 13:24:40 +01:00
2025-01-03 13:52:23 +01:00
1. Go to the [Releases ](https://github.com/fabriziosalmi/patterns/releases ) section.
2. Download the zip file for your web server (e.g., `nginx_waf.zip` , `apache_waf.zip` ).
3. Extract the files and follow the integration instructions below.
2025-01-03 13:24:40 +01:00
2025-01-03 13:52:23 +01:00
### Option 2: Build from Source
If you prefer to generate the configurations yourself:
2025-01-03 13:25:16 +01:00
2024-12-21 01:10:17 +01:00
**1. Clone the Repository:**
```bash
2024-12-30 00:11:41 +01:00
git clone https://github.com/fabriziosalmi/patterns.git
2024-12-21 01:10:17 +01:00
cd patterns
```
**2. Install Dependencies:**
```bash
pip install -r requirements.txt
```
**3. Run Manually (Optional):**
```bash
python owasp.py
2024-12-21 01:41:06 +01:00
python owasp2nginx.py
python owasp2apache.py
2024-12-30 00:11:41 +01:00
python owasp2haproxy.py
python owasp2traefik.py
2024-12-21 01:50:43 +01:00
python badbots.py
2024-12-21 01:10:17 +01:00
```
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:41:06 +01:00
## 🚀 Usage (Web Server Integration)
2025-01-03 13:52:23 +01:00
2024-12-21 09:14:46 +01:00
### 🔹 1. Nginx WAF Integration
2025-01-03 13:52:23 +01:00
1. Download the `nginx_waf.zip` file from the [Releases ](https://github.com/fabriziosalmi/patterns/releases ) page.
2. Extract the files to your Nginx configuration directory.
3. Include the generated `.conf` files in your Nginx configuration:
```nginx
include /path/to/waf_patterns/nginx/*.conf;
```
2024-12-21 01:10:17 +01:00
2025-01-02 19:08:12 +01:00
### 🔹 2. Apache WAF Integration
2025-01-03 13:52:23 +01:00
1. Download the `apache_waf.zip` file from the [Releases ](https://github.com/fabriziosalmi/patterns/releases ) page.
2. Extract the files to your Apache configuration directory.
3. Include the generated `.conf` files in your Apache configuration:
```apache
Include /path/to/waf_patterns/apache/*.conf
```
2024-12-21 01:10:17 +01:00
2025-01-02 19:08:12 +01:00
### 🔹 3. Traefik WAF Integration
2025-01-03 13:52:23 +01:00
1. Download the `traefik_waf.zip` file from the [Releases ](https://github.com/fabriziosalmi/patterns/releases ) page.
2. Extract the files and use the `middleware.toml` file in your Traefik configuration.
2024-12-30 00:11:41 +01:00
2025-01-02 19:08:12 +01:00
### 🔹 4. HAProxy WAF Integration
2025-01-03 13:52:23 +01:00
1. Download the `haproxy_waf.zip` file from the [Releases ](https://github.com/fabriziosalmi/patterns/releases ) page.
2. Extract the files and include the `waf.acl` file in your HAProxy configuration.
2024-12-30 00:11:41 +01:00
2024-12-21 01:50:43 +01:00
---
2024-12-21 09:14:46 +01:00
## 🔧 Example Output (Bot Blocker –
2024-12-21 01:50:43 +01:00
```nginx
map $http_user_agent $bad_bot {
"~*AhrefsBot" 1;
"~*SemrushBot" 1;
"~*MJ12bot" 1;
default 0;
}
if ($bad_bot) {
return 403;
}
```
---
2024-12-21 01:10:17 +01:00
## 🤖 Automation (GitHub Workflow)
2024-12-21 09:14:46 +01:00
- **🕛 Daily Updates** –
- **🔄 Auto Deployment** – `.conf` files directly to `waf_patterns/` .
2025-01-03 13:52:23 +01:00
- **📦 Release Automation** –
2024-12-21 09:14:46 +01:00
- **🎯 Manual Trigger** –
2024-12-21 01:10:17 +01:00
2024-12-21 01:50:43 +01:00
---
2024-12-21 01:10:17 +01:00
2024-12-21 09:14:46 +01:00
## 🤝 Contributing
1. **Fork** the repository.
2. Create a **feature branch** (`feature/new-patterns` ).
3. **Commit** and push changes.
4. Open a **Pull Request** .
2024-12-21 01:10:17 +01:00
2024-12-30 00:11:41 +01:00
---
2024-12-21 01:50:43 +01:00
2024-12-21 01:10:17 +01:00
## 📄 License
This project is licensed under the **MIT License** .
See the [LICENSE ](LICENSE ) file for details.
2024-12-21 01:50:43 +01:00
---
2024-12-21 09:14:46 +01:00
## 📞 Need Help?
2025-01-03 13:52:23 +01:00
- **Issues?** Open a ticket in the [Issues Tab ](https://github.com/fabriziosalmi/patterns/issues ).
2024-12-21 09:14:46 +01:00
---
2024-12-21 01:10:17 +01:00
## 🌐 Resources
2024-12-21 09:14:46 +01:00
- [OWASP CRS ](https://github.com/coreruleset/coreruleset )
2024-12-30 00:11:41 +01:00
- [Apache ModSecurity ](https://modsecurity.org/ )
2024-12-21 01:41:06 +01:00
- [Nginx ](https://nginx.org/ )
2024-12-30 00:11:41 +01:00
- [Traefik ](https://github.com/traefik/traefik )
- [HaProxy ](https://www.haproxy.org/ )
