Mirror of https://github.com/fabriziosalmi/patterns.git, synced 2025-12-17 09:45:34 +00:00
sanitize_pattern by 11,547%
I've analyzed the script provided and I'll make some optimizations to improve its runtime performance while ensuring the functionality remains the same. Let's break it down step-by-step.

### Improvements.
1. **Avoid Redundant Checks:** Optimize by eliminating unnecessary repetitive checks.
2. **Combining String Operations:** Combine string operations to minimize calls.
3. **Caching Compiled Patterns:** If re.escape or re.compile are used multiple times for the same pattern, cache the results to avoid recomputing them.

Here’s the optimized version of the script.

### Summary of changes.
1. **LRU Caching**.
   - Used `functools.lru_cache` to cache results of `_compile_pattern` and `_sanitize_pattern` for improved performance on repetitive calls.
2. **Removed Redundant Condition**.
   - Moved repeated checks and operations within a single `if` block to simplify the flow and eliminate unnecessary calls.
3. **Centralized Pattern Validation**.
   - Centralized the regex validation and escaping in `_sanitize_pattern` function to minimize redundancy.

These changes should optimize your program's performance by reducing redundant computations and leveraging caching mechanisms. The functionality remains unchanged and will return the same values as before.

🔒 Patterns: OWASP CRS and Bad Bot Detection for Web Servers
Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Traefik, and HAProxy WAF configurations.
Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.
🚀 Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots – with automated daily updates.
📌 Project Highlights
- 🛡️ OWASP CRS Protection – Leverages OWASP Core Rule Set for web application firewall (WAF) defense.
- 🤖 Bad Bot Blocking – Blocks known malicious bots using public bot lists.
- ⚙️ Multi-Web Server Support – Generates WAF configs for Apache, Nginx, Traefik, and HAProxy.
- 🔄 Automatic Updates – GitHub Actions fetch new rules daily and push updated configs.
- 📦 Pre-Generated Configurations – Download ready-to-use WAF configurations from GitHub Releases.
- 🧩 Scalable and Modular – Easily extendable to support other web servers or load balancers.
🌐 Supported Web Servers
- 🔵 Nginx
- 🟠 Apache (ModSecurity)
- 🟣 Traefik
- 🔴 HAProxy
Note
If you are using Caddy, check the caddy-waf project.
📂 Project Structure
patterns/
├── waf_patterns/           # 🔧 Generated WAF config files
│   ├── nginx/              # Nginx WAF configs
│   ├── apache/             # Apache WAF configs (ModSecurity)
│   ├── traefik/            # Traefik WAF configs
│   └── haproxy/            # HAProxy WAF configs
├── import_apache_waf.py
├── import_haproxy_waf.py
├── import_nginx_waf.py
├── import_traefik_waf.py
├── owasp.py                # 🕵️ OWASP scraper (fetch CRS rules)
├── owasp2nginx.py          # 🔄 Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py         # 🔄 Convert OWASP JSON to Apache ModSecurity configs
├── owasp2haproxy.py        # 🔄 Convert OWASP JSON to HAProxy WAF configs
├── badbots.py              # 🤖 Generate WAF configs to block bad bots
├── requirements.txt        # 📄 Required dependencies
└── .github/workflows/      # 🤖 GitHub Actions for automation
    └── update_patterns.yml
🛠️ How It Works
🔹 1. Scraping OWASP Rules
- owasp.py scrapes the latest OWASP CRS patterns from GitHub.
- Extracts SQLi, XSS, RCE, LFI patterns from OWASP CRS .conf files.
🔹 2. Generating WAF Configs for Each Platform
- owasp2nginx.py – Generates Nginx WAF configurations.
- owasp2apache.py – Outputs Apache ModSecurity rules.
- owasp2traefik.py – Creates Traefik WAF rules.
- owasp2haproxy.py – Builds HAProxy ACL files.
🔹 3. Bad Bot/User-Agent Detection
- badbots.py fetches public bot lists and generates bot-blocking configs.
- Supports fallback lists to ensure reliable detection.
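Steps 1 and 2 come down to pulling regex patterns out of CRS `.conf` files and checking them before they are written into a server config. The sketch below is an added example, not the project's own code: the function names, the sample rules, their 9990xx ids and the `scanners.data` file name are constructed for illustration.

```python
import re

# Constructed sample in CRS SecRule syntax (not copied from the real rule set).
SAMPLE_CONF = r'''
# comment lines and blank lines are skipped
SecRule ARGS "@rx (?i)union\s+select" \
    "id:999001,\
    phase:2,\
    block,\
    msg:'constructed SQLi sample'"
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners.data" \
    "id:999002,phase:1,block"
SecRule ARGS "@rx (?i)<script[^>]*>" "id:999003,phase:2,block"
SecRule ARGS "@rx (?i)bad(group" "id:999004,phase:2,block"
'''

# SecRule VARIABLES "@rx PATTERN" "ACTIONS"; PATTERN may contain escaped quotes.
SECRULE_RX = re.compile(r'^SecRule\s+(\S+)\s+"@rx\s+((?:[^"\\]|\\.)*)"\s+"([^"]*)"')
RULE_ID = re.compile(r"\bid:(\d+)")

def logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""

def extract_rx_rules(text):
    """Return (accepted, rejected) @rx rules; other operators are ignored."""
    accepted, rejected = [], []
    for line in logical_lines(text):
        m = SECRULE_RX.match(line)
        if not m:
            continue  # e.g. @pmFromFile depends on a data file, not a regex
        variables, pattern, actions = m.groups()
        rid = RULE_ID.search(actions)
        rule = {"id": rid.group(1) if rid else None, "vars": variables, "pattern": pattern}
        try:
            re.compile(pattern)  # Python-side syntax check only; the web server uses its own engine
        except re.error:
            rejected.append(rule)
        else:
            accepted.append(rule)
    return accepted, rejected
```

Rejected rules are worth logging rather than dropping silently, since a pattern that fails to compile is a gap in coverage after conversion.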
⚙️ Installation
Option 1: Download Pre-Generated Configurations
You can download the latest pre-generated WAF configurations directly from the GitHub Releases page.
- Go to the Releases section.
- Download the zip file for your web server (e.g., nginx_waf.zip, apache_waf.zip).
- Extract the files and follow the integration instructions below.
Option 2: Build from Source
If you prefer to generate the configurations yourself:
1. Clone the Repository:
    git clone https://github.com/fabriziosalmi/patterns.git
    cd patterns
2. Install Dependencies:
    pip install -r requirements.txt
3. Run Manually (Optional):
    python owasp.py
    python owasp2nginx.py
    python owasp2apache.py
    python owasp2haproxy.py
    python owasp2traefik.py
    python badbots.py
🚀 Usage (Web Server Integration)
🔹 1. Nginx WAF Integration
- Download the nginx_waf.zip file from the Releases page.
- Extract the files to your Nginx configuration directory.
- Include the generated .conf files in your Nginx configuration:
    include /path/to/waf_patterns/nginx/*.conf;
🔹 2. Apache WAF Integration
- Download the apache_waf.zip file from the Releases page.
- Extract the files to your Apache configuration directory.
- Include the generated .conf files in your Apache configuration:
    Include /path/to/waf_patterns/apache/*.conf
🔹 3. Traefik WAF Integration
- Download the traefik_waf.zip file from the Releases page.
- Extract the files and use the middleware.toml file in your Traefik configuration.
🔹 4. HAProxy WAF Integration
- Download the haproxy_waf.zip file from the Releases page.
- Extract the files and include the waf.acl file in your HAProxy configuration.
🔧 Example Output (Bot Blocker – Nginx)
# map is only valid in the http context
map $http_user_agent $bad_bot {
    "~*AhrefsBot" 1;
    "~*SemrushBot" 1;
    "~*MJ12bot" 1;
    default 0;
}
# if is only valid in a server or location context
if ($bad_bot) {
    return 403;
}
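Because the bot names come from public lists, each entry is untrusted input that ends up inside a quoted regex in the server config. The following added example (not the project's code; `sanitize_bot_name`, `render_bad_bot_map`, `is_blocked` and the `FEED` list are hypothetical) builds a map block in the format shown above, drops entries that could break out of the quoted string, and emulates the case-insensitive `~*` match so the result can be checked against sample User-Agent strings.

```python
import re
from functools import lru_cache

@lru_cache(maxsize=None)
def sanitize_bot_name(name):
    """Return a regex-escaped token for a quoted map key, or None if unsafe."""
    name = name.strip()
    # Reject empty entries and characters that could alter the generated config.
    if not name or re.search(r'[\x00-\x1f"\\;{}$]', name):
        return None
    return re.escape(name)  # "Evil.Bot" must match a literal dot, not any character

def render_bad_bot_map(names):
    """Build the map block; skip unsafe entries and case-insensitive duplicates."""
    seen, lines = set(), ["map $http_user_agent $bad_bot {"]
    for name in names:
        token = sanitize_bot_name(name)
        if token is None or token.lower() in seen:
            continue
        seen.add(token.lower())
        lines.append(f'    "~*{token}" 1;')
    lines.append("    default 0;")
    lines.append("}")
    return "\n".join(lines)

def is_blocked(names, user_agent):
    """Emulate the case-insensitive regex match (~*) for one User-Agent."""
    tokens = filter(None, map(sanitize_bot_name, names))
    return any(re.search(t, user_agent, re.IGNORECASE) for t in tokens)

# Constructed feed: the three names from the example output plus a duplicate,
# an empty entry, an entry containing config syntax, and a name with a dot.
FEED = ["AhrefsBot", "SemrushBot", "MJ12bot", "ahrefsbot", "", 'bad" 0; #', "Evil.Bot"]

if __name__ == "__main__":
    print(render_bad_bot_map(FEED))
```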
🤖 Automation (GitHub Workflow)
- 🕛 Daily Updates – GitHub Actions fetch the latest OWASP CRS rules every day.
- 🔄 Auto Deployment – Pushes new .conf files directly to waf_patterns/.
- 📦 Release Automation – Automatically creates a new release with pre-generated configurations.
- 🎯 Manual Trigger – Updates can also be triggered manually.
🤝 Contributing
- Fork the repository.
- Create a feature branch (feature/new-patterns).
- Commit and push changes.
- Open a Pull Request.
📄 License
This project is licensed under the MIT License.
See the LICENSE file for details.
📞 Need Help?
- Issues? Open a ticket in the Issues Tab.
🌐 Resources