External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-18 10:15:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create import_haproxy_waf.py

Browse Source
This commit is contained in:
fab 2024-12-21 09:08:22 +01:00 committed by GitHub
parent a76150763a
commit 4f238e10a2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
import_haproxy_waf.py Normal file
View File

@ -0,0 +1,63 @@
import os
import subprocess
import logging
logging.basicConfig(level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s")
# Paths
WAF_DIR = "waf_patterns/haproxy"
HAPROXY_WAF_DIR = "/etc/haproxy/waf/"
HAPROXY_CONF = "/etc/haproxy/haproxy.cfg"
INCLUDE_STATEMENT = " acl bad_bot hdr_sub(User-Agent) -i waf/bots.acl"
def copy_waf_files():
logging.info("Copying HAProxy WAF patterns...")
# Ensure the target directory exists
os.makedirs(HAPROXY_WAF_DIR, exist_ok=True)
# Copy acl files
for file in ["bots.acl", "waf.acl"]:
src_path = os.path.join(WAF_DIR, file)
dst_path = os.path.join(HAPROXY_WAF_DIR, file)
if os.path.exists(src_path):
subprocess.run(["cp", src_path, dst_path], check=True)
logging.info(f"[+] {file} copied to {HAPROXY_WAF_DIR}")
else:
logging.warning(f"[!] {file} not found in {WAF_DIR}")
def update_haproxy_conf():
logging.info("Ensuring WAF patterns are included in haproxy.cfg...")
with open(HAPROXY_CONF, "r") as f:
config = f.read()
if INCLUDE_STATEMENT not in config:
logging.info("Adding WAF rules to haproxy.cfg...")
with open(HAPROXY_CONF, "a") as f:
f.write(
f"\n# WAF and Bot Protection\n"
f"frontend http-in\n"
f" bind *:80\n"
f" default_backend web_backend\n"
f" acl bad_bot hdr_sub(User-Agent) -i waf/bots.acl\n"
f" acl waf_attack path_reg waf/waf.acl\n"
f" http-request deny if bad_bot\n"
f" http-request deny if waf_attack\n"
)
else:
logging.info("WAF patterns already included in haproxy.cfg.")
def reload_haproxy():
logging.info("Testing HAProxy configuration...")
subprocess.run(["haproxy", "-c", "-f", HAPROXY_CONF], check=True)
logging.info("Reloading HAProxy to apply new WAF rules...")
subprocess.run(["systemctl", "reload", "haproxy"], check=True)
if __name__ == "__main__":
copy_waf_files()
update_haproxy_conf()
reload_haproxy()
logging.info("[✔] HAProxy configured with latest WAF rules.")