mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 09:45:34 +00:00
9e85df0fee
feat: Implement OWASP CRS to HAProxy WAF conversion with enhanced features This commit introduces significant improvements to the script for converting OWASP Core Rule Set (CRS) rules into HAProxy Web Application Firewall (WAF) configurations. Key changes include: - **Expanded Operator Mapping:** Added more comprehensive mappings between ModSecurity operators and HAProxy equivalents, improving the translation of OWASP rules. - **Location-Based ACLs:** Implemented support for inspecting different request parameters (User-Agent, Request-URI, Host, etc.) based on the `location` field in the JSON rules, increasing the WAF's coverage. - **Rule Prioritization:** Introduced rule prioritization based on severity (high, medium, low), allowing for different actions (deny, log, tarpit) to be triggered based on the assessed risk. - **Improved Regex Handling:** Enhanced regex validation to identify and skip overly complex or invalid patterns, preventing performance issues and potential errors. - **Clearer ACL Logic:** Restructured the generated `waf.acl` file for better organization, separating ACL definitions from deny logic and grouping rules by request parameter location. - **Detailed Logging:** Improved logging to provide more specific information about skipped rules, invalid patterns, and other issues, aiding in debugging and configuration. - **Integer Comparison:** Added capability to use http-request to perform integer comparison instead of strings in the rules. These enhancements result in a more effective, maintainable, and configurable HAProxy WAF implementation based on the OWASP CRS. Please note that thorough testing and tuning are still crucial to ensure the WAF is working correctly and not causing false positives. This commit addresses the following issues: - Addresses overly aggressive rules causing false positives. - Implements missing support for ModSecurity operators. - Enables inspection of request parameters beyond the User-Agent header. - Provides a more organized and maintainable HAProxy WAF configuration.
🔒 Patterns: OWASP CRS and Bad Bot Detection for Web Servers
Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Traefik, and HAProxy WAF configurations.
Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.
🚀 Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots – with automated daily updates.
📌 Project Highlights
- 🛡️ OWASP CRS Protection – Leverages OWASP Core Rule Set for web application firewall (WAF) defense.
- 🤖 Bad Bot Blocking – Blocks known malicious bots using public bot lists.
- ⚙️ Multi-Web Server Support – Generates WAF configs for Apache, Nginx, Traefik, and HAProxy.
- 🔄 Automatic Updates – GitHub Actions fetch new rules daily and push updated configs.
- 📦 Pre-Generated Configurations – Download ready-to-use WAF configurations from GitHub Releases.
- 🧩 Scalable and Modular – Easily extendable to support other web servers or load balancers.
🌐 Supported Web Servers
- 🔵 Nginx
- 🟠 Apache (ModSecurity)
- 🟣 Traefik
- 🔴 HAProxy
Note
If you are using Caddy, check the caddy-waf project.
📂 Project Structure
patterns/
├── waf_patterns/ # 🔧 Generated WAF config files
│ ├── nginx/ # Nginx WAF configs
│ ├── apache/ # Apache WAF configs (ModSecurity)
│ ├── traefik/ # Traefik WAF configs
│ └── haproxy/ # HAProxy WAF configs
│── import_apache_waf.py
│── import_haproxy_waf.py
│── import_nginx_waf.py
│── import_traefik_waf.py
├── owasp.py # 🕵️ OWASP scraper (fetch CRS rules)
├── owasp2nginx.py # 🔄 Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py # 🔄 Convert OWASP JSON to Apache ModSecurity configs
├── owasp2haproxy.py # 🔄 Convert OWASP JSON to HAProxy WAF configs
├── badbots.py # 🤖 Generate WAF configs to block bad bots
├── requirements.txt # 📄 Required dependencies
└── .github/workflows/ # 🤖 GitHub Actions for automation
└── update_patterns.yml
🛠️ How It Works
🔹 1. Scraping OWASP Rules
owasp.pyscrapes the latest OWASP CRS patterns from GitHub.- Extracts SQLi, XSS, RCE, LFI patterns from OWASP CRS
.conffiles.
🔹 2. Generating WAF Configs for Each Platform
owasp2nginx.py– Generates Nginx WAF configurations.owasp2apache.py– Outputs Apache ModSecurity rules.owasp2traefik.py– Creates Traefik WAF rules.owasp2haproxy.py– Builds HAProxy ACL files.
🔹 3. Bad Bot/User-Agent Detection
badbots.pyfetches public bot lists and generates bot-blocking configs.- Supports fallback lists to ensure reliable detection.
⚙️ Installation
Option 1: Download Pre-Generated Configurations
You can download the latest pre-generated WAF configurations directly from the GitHub Releases page.
- Go to the Releases section.
- Download the zip file for your web server (e.g.,
nginx_waf.zip,apache_waf.zip). - Extract the files and follow the integration instructions below.
Option 2: Build from Source
If you prefer to generate the configurations yourself:
1. Clone the Repository:
git clone https://github.com/fabriziosalmi/patterns.git
cd patterns
2. Install Dependencies:
pip install -r requirements.txt
3. Run Manually (Optional):
python owasp.py
python owasp2nginx.py
python owasp2apache.py
python owasp2haproxy.py
python owasp2traefik.py
python badbots.py
🚀 Usage (Web Server Integration)
🔹 1. Nginx WAF Integration
- Download the
nginx_waf.zipfile from the Releases page. - Extract the files to your Nginx configuration directory.
- Include the generated
.conffiles in your Nginx configuration:include /path/to/waf_patterns/nginx/*.conf;
🔹 2. Apache WAF Integration
- Download the
apache_waf.zipfile from the Releases page. - Extract the files to your Apache configuration directory.
- Include the generated
.conffiles in your Apache configuration:Include /path/to/waf_patterns/apache/*.conf
🔹 3. Traefik WAF Integration
- Download the
traefik_waf.zipfile from the Releases page. - Extract the files and use the
middleware.tomlfile in your Traefik configuration.
🔹 4. HAProxy WAF Integration
- Download the
haproxy_waf.zipfile from the Releases page. - Extract the files and include the
waf.aclfile in your HAProxy configuration.
🔧 Example Output (Bot Blocker – Nginx)
map $http_user_agent $bad_bot {
"~*AhrefsBot" 1;
"~*SemrushBot" 1;
"~*MJ12bot" 1;
default 0;
}
if ($bad_bot) {
return 403;
}
🤖 Automation (GitHub Workflow)
- 🕛 Daily Updates – GitHub Actions fetch the latest OWASP CRS rules every day.
- 🔄 Auto Deployment – Pushes new
.conffiles directly towaf_patterns/. - 📦 Release Automation – Automatically creates a new release with pre-generated configurations.
- 🎯 Manual Trigger – Updates can also be triggered manually.
🤝 Contributing
- Fork the repository.
- Create a feature branch (
feature/new-patterns). - Commit and push changes.
- Open a Pull Request.
📄 License
This project is licensed under the MIT License.
See the LICENSE file for details.
Others projects
If You like my projects, you may also like these ones:
- caddy-waf Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
- blacklists Hourly updated domains blacklist 🚫
- proxmox-vm-autoscale Automatically scale virtual machines resources on Proxmox hosts
- UglyFeed Retrieve, aggregate, filter, evaluate, rewrite and serve RSS feeds using Large Language Models for fun, research and learning purposes
- proxmox-lxc-autoscale Automatically scale LXC containers resources on Proxmox hosts
- DevGPT Code togheter, right now! GPT powered code assistant to build project in minutes
- websites-monitor Websites monitoring via GitHub Actions (expiration, security, performances, privacy, SEO)
- caddy-mib Track and ban client IPs generating repetitive errors on Caddy
- zonecontrol Cloudflare Zones Settings Automation using GitHub Actions
- lws linux (containers) web services
- cf-box cf-box is a set of Python tools to play with API and multiple Cloudflare accounts.
- limits Automated rate limits implementation for web servers
- dnscontrol-actions Automate DNS updates and rollbacks across multiple providers using DNSControl and GitHub Actions
- proxmox-lxc-autoscale-ml Automatically scale the LXC containers resources on Proxmox hosts with AI
- csv-anonymizer CSV fuzzer/anonymizer
- iamnotacoder AI code generation and improvement
📞 Need Help?
- Issues? Open a ticket in the Issues Tab.