Patterns

Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Caddy web server WAF configurations.
This project helps protect Caddy servers against common web attacks like SQL Injection (SQLi), XSS, RCE, and more – all with minimal effort!

---

🚀 Project Overview

• 🎯 Goal: Automate OWASP CRS rule collection and generate Caddy WAF configs.
• ⚡ Automation: GitHub Actions fetch rules daily and push new configurations.
• 📄 Output: Caddy .conf files categorized by attack type (SQLi, XSS, LFI).

---

📂 Project Structure

patterns/
├── waf_patterns/           # 🔧 Generated Caddy WAF config files
│   ├── sql.conf            # SQL Injection patterns
│   ├── xss.conf            # XSS patterns
│   └── bots.conf           # Bot detection patterns
│── owasp.py            # 🕵️ OWASP scraper (fetch CRS rules)
├── owasp2caddy.py          # 🔄 Convert OWASP JSON to Caddy WAF configs
├── owasp_rules.json        # 📊 Fetched OWASP rules (raw)
├── requirements.txt        # 🔄 Required tools
└── .github/workflows/      # 🤖 GitHub Actions for automation
    └── update_patterns.yml

---

🛠️ How It Works

🔹 1. Scraping OWASP Rules

• owasp.py scrapes the latest OWASP CRS patterns from GitHub.
• Pulls attack patterns for SQLi, XSS, RCE, LFI from OWASP CRS .conf files.

🔹 2. Conversion to Caddy WAF

• owasp2caddy.py converts OWASP patterns (owasp_rules.json) into Caddy-compatible WAF config files.
• Output is stored in waf_patterns/ by attack category.

🔹 3. Automation (GitHub Actions)

• GitHub Actions fetch new rules daily at midnight.
• Updated rules are committed and pushed automatically to the repository.

---

⚙️ Installation

1. Clone the Repository:

git clone https://github.com/your-username/patterns.git  
cd patterns

2. Install Dependencies:

pip install -r requirements.txt

3. Run Manually (Optional):

python owasp.py
python owasp2caddy.py

---

🚀 Usage (Caddy WAF Integration)

1. Copy the Generated .conf Files:

sudo cp waf_patterns/*.conf /etc/caddy/

2. Import Patterns in Your Caddyfile:

import waf_patterns/*.conf

3. Reload Caddy:

caddy reload

---

🤖 Automation (GitHub Workflow)

The GitHub Action (.github/workflows/update_patterns.yml) automates updates:

• 🕛 Runs Daily at Midnight (UTC)
• 🎯 Manual Trigger Available (from GitHub Actions tab)
• 🚀 Pushes Updated WAF Files to waf_patterns/

To enable:

• Ensure the workflow file is active in your repository.
• Updated patterns will automatically sync to the repo.

---

🧩 Example Output (Caddy WAF)

SQL Injection Blocking (waf_patterns/sql.conf):

@block_sqli {
    path_regexp sqli "(?i)(union.*select|insert.*into|delete.*from|drop table)"
}
respond @block_sqli 403

XSS Blocking (waf_patterns/xss.conf):

@block_xss {
    path_regexp xss "(?i)<.*script.*>|javascript:|alert\(.*\)"
}
respond @block_xss 403

---

🔧 Contributing

1. Fork the repository.
2. Create a feature branch (feature/new-patterns).
3. Commit and push changes.
4. Open a pull request (PR).

---

📄 License

This project is licensed under the MIT License.
See the LICENSE file for details.

---

🌐 Resources

• OWASP CRS GitHub
• Caddy Web Server
• MIT License

---

🚨 Issues

If you encounter any issues, please open a ticket in the Issues Tab.