Update README.md

fab 2024-12-21 01:41:06 +01:00 committed by GitHub
parent c87f286fa0
commit b98230ca52
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

README.md

@ -1,47 +1,43 @@
# Patterns # 🔒 Patterns Automated OWASP CRS for Caddy, Nginx, and Apache
Automate the scraping of **OWASP Core Rule Set (CRS)** patterns and convert them into **Caddy web server WAF configurations**. Automate the scraping of **OWASP Core Rule Set (CRS)** patterns and convert them into **Caddy, Nginx, and Apache** WAF configurations.
This project helps protect Caddy servers against common web attacks like **SQL Injection (SQLi)**, **XSS**, **RCE**, and more all with minimal effort!
--- > This project helps protect web servers against common web attacks like **SQL Injection (SQLi)**, **XSS**, **RCE**, **LFI**, and more automatically updated and deployed!
## 🚀 Project Overview ## 🚀 Project Overview
- **🎯 Goal**: Automate OWASP CRS rule collection and generate Caddy WAF configs. - **🎯 Goal**: Automate OWASP CRS rule collection and generate WAF configs for **Caddy, Nginx, and Apache**.
- **⚡ Automation**: GitHub Actions fetch rules daily and push new configurations. - **⚡ Automation**: GitHub Actions fetch rules **daily** and push updated configurations to the repository.
- **📄 Output**: Caddy `.conf` files categorized by attack type (SQLi, XSS, LFI). - **📄 Output**: WAF `.conf` files categorized by attack type (SQLi, XSS, LFI) for **three web servers**.
---
## 📂 Project Structure ## 📂 Project Structure
``` ```
patterns/ patterns/
├── waf_patterns/ # 🔧 Generated Caddy WAF config files ├── waf_patterns/ # 🔧 Generated WAF config files
│ ├── sql.conf # SQL Injection patterns │ ├── caddy/ # Caddy WAF configs
│ ├── xss.conf # XSS patterns │ ├── nginx/ # Nginx WAF configs
│ └── bots.conf # Bot detection patterns │ └── apache/ # Apache WAF configs (ModSecurity)
│── owasp.py # 🕵️ OWASP scraper (fetch CRS rules) ├── owasp.py # 🕵️ OWASP scraper (fetch CRS rules)
├── owasp2caddy.py # 🔄 Convert OWASP JSON to Caddy WAF configs ├── owasp2caddy.py # 🔄 Convert OWASP JSON to Caddy WAF configs
├── owasp2nginx.py # 🔄 Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py # 🔄 Convert OWASP JSON to Apache ModSecurity configs
├── owasp_rules.json # 📊 Fetched OWASP rules (raw) ├── owasp_rules.json # 📊 Fetched OWASP rules (raw)
├── requirements.txt # 🔄 Required tools ├── requirements.txt # 🔄 Required tools
└── .github/workflows/ # 🤖 GitHub Actions for automation └── .github/workflows/ # 🤖 GitHub Actions for automation
└── update_patterns.yml └── update_patterns.yml
``` ```
---
## 🛠️ How It Works ## 🛠️ How It Works
### 🔹 1. Scraping OWASP Rules ### 🔹 1. Scraping OWASP Rules
- `owasp.py` scrapes the latest OWASP CRS patterns from GitHub. - `owasp.py` scrapes the latest OWASP CRS patterns from GitHub.
- Pulls attack patterns for **SQLi**, **XSS**, **RCE**, **LFI** from OWASP CRS `.conf` files. - Pulls attack patterns for **SQLi**, **XSS**, **RCE**, **LFI** from OWASP CRS `.conf` files.
### 🔹 2. Conversion to Caddy WAF ### 🔹 2. Multi-Platform WAF Config Generation
- `owasp2caddy.py` converts OWASP patterns (`owasp_rules.json`) into **Caddy-compatible WAF** config files. - **`owasp2caddy.py`** Generates Caddy WAF configs using OWASP patterns.
- Output is stored in `waf_patterns/` by attack category. - **`owasp2nginx.py`** Converts OWASP patterns into Nginx WAF rules.
- **`owasp2apache.py`** Converts OWASP rules into Apache **ModSecurity** configurations.
### 🔹 3. Automation (GitHub Actions) ### 🔹 3. Automation (GitHub Actions)
- GitHub Actions fetch new rules **daily at midnight**. - GitHub Actions fetch new rules **daily at midnight**.
- Updated rules are committed and pushed automatically to the repository. - Automatically commits and pushes new `.conf` files for all three platforms (Caddy, Nginx, Apache).
---
## ⚙️ Installation ## ⚙️ Installation
**1. Clone the Repository:** **1. Clone the Repository:**
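Review bot: The new intro blockquote says the rules are "automatically updated and deployed", but step 3 of How It Works only commits and pushes `.conf` files to the repository, and nothing in this README deploys them to a running server. Suggest wording such as "automatically updated in the repository" so operators do not assume the copy and reload steps happen for them. Separately, the `owasp2nginx.py` bullet says only "Nginx WAF rules" while the Apache bullet names ModSecurity; stating which Nginx directives or module the generated files rely on would let readers judge what is actually enforced.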
@ -59,27 +55,54 @@ pip install -r requirements.txt
```bash ```bash
python owasp.py python owasp.py
python owasp2caddy.py python owasp2caddy.py
python owasp2nginx.py
python owasp2apache.py
``` ```
--- ## 🚀 Usage (Web Server Integration)
### 🔹 1. Caddy WAF Integration
## 🚀 Usage (Caddy WAF Integration)
**1. Copy the Generated `.conf` Files:**
```bash ```bash
sudo cp waf_patterns/*.conf /etc/caddy/ sudo cp waf_patterns/caddy/*.conf /etc/caddy/
``` ```
Add to **Caddyfile**:
**2. Import Patterns in Your Caddyfile:**
```caddy ```caddy
import waf_patterns/*.conf import waf_patterns/caddy/*.conf
``` ```
Reload Caddy:
**3. Reload Caddy:**
```bash ```bash
caddy reload caddy reload
``` ```
--- ### 🔹 2. Nginx WAF Integration
```bash
sudo cp waf_patterns/nginx/*.conf /etc/nginx/waf/
```
Modify Nginx config:
```nginx
server {
include /etc/nginx/waf/*.conf;
location / {
# Other configs...
}
}
```
Reload Nginx:
```bash
sudo nginx -s reload
```
### 🔹 3. Apache ModSecurity Integration
```bash
sudo cp waf_patterns/apache/*.conf /etc/modsecurity.d/
```
Add to Apache config:
```apache
IncludeOptional /etc/modsecurity.d/*.conf
```
Restart Apache:
```bash
sudo systemctl restart apache2
```
## 🤖 Automation (GitHub Workflow) ## 🤖 Automation (GitHub Workflow)
The GitHub Action (`.github/workflows/update_patterns.yml`) automates updates: The GitHub Action (`.github/workflows/update_patterns.yml`) automates updates:
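Review bot: In the Caddy section the copy target and the import path disagree: the files are copied to `/etc/caddy/`, but the Caddyfile line is `import waf_patterns/caddy/*.conf`, which Caddy resolves relative to the Caddyfile. Assuming the Caddyfile sits in `/etc/caddy/` (the README does not say), the glob points at a directory nothing was copied to, so the rules may never be loaded. Suggest copying into a dedicated directory and importing that same path, as the Nginx section does with `/etc/nginx/waf/`. In the Nginx section, the steps assume `/etc/nginx/waf/` already exists and reload without a syntax check; because these files are machine-generated daily, add `sudo nginx -t` before `sudo nginx -s reload` so a malformed rule is caught before the reload is attempted.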
@ -88,51 +111,35 @@ The GitHub Action (`.github/workflows/update_patterns.yml`) automates updates:
- 🚀 **Pushes Updated WAF Files** to `waf_patterns/` - 🚀 **Pushes Updated WAF Files** to `waf_patterns/`
To enable: To enable:
- Ensure the workflow file is active in your repository. - Ensure the workflow is active in your repository.
- Updated patterns will automatically sync to the repo. - Updated patterns will automatically sync to the repo and reflect in your WAF setup.
---
## 🧩 Example Output (Caddy WAF) ## 🧩 Example Output (ModSecurity Apache WAF)
**SQL Injection Blocking (waf_patterns/sql.conf)**: **SQL Injection Blocking (waf_patterns/apache/sql.conf)**:
```caddy ```apache
@block_sqli { SecRuleEngine On
path_regexp sqli "(?i)(union.*select|insert.*into|delete.*from|drop table)"
} SecRule REQUEST_URI "union.*select|insert.*into|delete.*from|drop table" "id:1000,phase:1,deny,status:403,log,msg:'SQLi attack detected'"
respond @block_sqli 403 SecRule REQUEST_URI "alter table|truncate.*|--" "id:1001,phase:1,deny,status:403,log,msg:'SQLi attack detected'"
``` ```
**XSS Blocking (waf_patterns/xss.conf)**:
```caddy
@block_xss {
path_regexp xss "(?i)<.*script.*>|javascript:|alert\(.*\)"
}
respond @block_xss 403
```
---
## 🔧 Contributing ## 🔧 Contributing
1. Fork the repository. 1. Fork the repository.
2. Create a feature branch (`feature/new-patterns`). 2. Create a feature branch (`feature/new-patterns`).
3. Commit and push changes. 3. Commit and push changes.
4. Open a pull request (PR). 4. Open a pull request (PR).
---
## 📄 License ## 📄 License
This project is licensed under the **MIT License**. This project is licensed under the **MIT License**.
See the [LICENSE](LICENSE) file for details. See the [LICENSE](LICENSE) file for details.
---
## 🌐 Resources ## 🌐 Resources
- [OWASP CRS GitHub](https://github.com/coreruleset/coreruleset) - [OWASP CRS GitHub](https://github.com/coreruleset/coreruleset)
- [Caddy Web Server](https://caddyserver.com/) - [Caddy Web Server](https://caddyserver.com/)
- [Nginx](https://nginx.org/)
- [Apache ModSecurity](https://modsecurity.org/)
- [MIT License](https://opensource.org/licenses/MIT) - [MIT License](https://opensource.org/licenses/MIT)
---
## 🚨 Issues ## 🚨 Issues
If you encounter any issues, please open a ticket in the [Issues Tab](https://github.com/your-username/patterns/issues). If you encounter any issues, please open a ticket in the [Issues Tab](https://github.com/your-username/patterns/issues).
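Review bot: The replacement example drops the `(?i)` flag that the removed Caddy patterns carried: the new `SecRule REQUEST_URI "union.*select|..."` lines have neither `(?i)` nor a `t:lowercase` transformation, so as written they match lowercase input only. Suggest adding `t:lowercase` to the action list or restoring `(?i)` in the pattern. Rule `id:1001` also denies on a bare `--` or any `truncate.*` anywhere in `REQUEST_URI`, which will return 403 for ordinary URLs containing a double hyphen; the README should either tighten that alternative or note the false-positive risk. Finally, this hunk removes the XSS example without a replacement, and the sentence "reflect in your WAF setup" implies the server picks up changes on its own, which the Usage section (manual copy and reload) does not support.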