This project helps protect web servers against common web attacks like SQL Injection (SQLi), XSS, RCE, LFI, and more – automatically updated and deployed!

🚀 Project Overview

🎯 Goal: Automate OWASP CRS rule collection and generate WAF configs for Caddy, Nginx, and Apache.
⚡ Automation: GitHub Actions fetch rules daily and push updated configurations to the repository.
📄 Output: WAF .conf files categorized by attack type (SQLi, XSS, LFI) for all supported web servers.

📂 Project Structure

patterns/
├── waf_patterns/           # 🔧 Generated WAF config files
│   ├── caddy/              # Caddy WAF configs
│   ├── nginx/              # Nginx WAF configs
│   └── apache/             # Apache WAF configs (ModSecurity)
├── owasp.py                # 🕵️ OWASP scraper (fetch CRS rules)
├── owasp2caddy.py          # 🔄 Convert OWASP JSON to Caddy WAF configs
├── owasp2nginx.py          # 🔄 Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py         # 🔄 Convert OWASP JSON to Apache ModSecurity configs
├── owasp_rules.json        # 📊 Fetched OWASP rules (raw)
├── requirements.txt        # 🔄 Required tools
└── .github/workflows/      # 🤖 GitHub Actions for automation
    └── update_patterns.yml

🛠️ How It Works

🔹 1. Scraping OWASP Rules

owasp.py scrapes the latest OWASP CRS patterns from GitHub.
Pulls attack patterns for SQLi, XSS, RCE, LFI from OWASP CRS .conf files.

🔹 2. Multi-Platform WAF Config Generation

owasp2caddy.py – Generates Caddy WAF configs using OWASP patterns.
owasp2nginx.py – Converts OWASP patterns into Nginx WAF rules.
owasp2apache.py – Converts OWASP rules into Apache ModSecurity configurations.

🔹 3. Automation (GitHub Actions)

GitHub Actions fetch new rules daily at midnight.
Automatically commits and pushes new .conf files for all three platforms (Caddy, Nginx, Apache).

⚙️ Installation

1. Clone the Repository:

git clone https://github.com/your-username/patterns.git  
cd patterns

2. Install Dependencies:

pip install -r requirements.txt

3. Run Manually (Optional):

python owasp.py
python owasp2caddy.py
python owasp2nginx.py
python owasp2apache.py

🚀 Usage (Web Server Integration)

🔹 1. Caddy WAF Integration

sudo cp waf_patterns/caddy/*.conf /etc/caddy/

Add to Caddyfile:

import waf_patterns/caddy/*.conf

Reload Caddy:

caddy reload

🔹 2. Nginx WAF Integration

sudo cp waf_patterns/nginx/*.conf /etc/nginx/waf/

Modify Nginx config:

server {
    include /etc/nginx/waf/*.conf;
    location / {
        # Other configs...
    }
}

Reload Nginx:

sudo nginx -s reload

🔹 3. Apache ModSecurity Integration

sudo cp waf_patterns/apache/*.conf /etc/modsecurity.d/

Add to Apache config:

IncludeOptional /etc/modsecurity.d/*.conf

Restart Apache:

sudo systemctl restart apache2

🤖 Automation (GitHub Workflow)

The GitHub Action (.github/workflows/update_patterns.yml) automates updates:

🕛 Runs Daily at Midnight (UTC)
🎯 Manual Trigger Available (from GitHub Actions tab)
🚀 Pushes Updated WAF Files to waf_patterns/

To enable:

Ensure the workflow is active in your repository.
Updated patterns will automatically sync to the repo and reflect in your WAF setup.

🧩 Example Output (ModSecurity – Apache WAF)

SQL Injection Blocking (waf_patterns/apache/sql.conf):

SecRuleEngine On

SecRule REQUEST_URI "union.*select|insert.*into|delete.*from|drop table" "id:1000,phase:1,deny,status:403,log,msg:'SQLi attack detected'"
SecRule REQUEST_URI "alter table|truncate.*|--" "id:1001,phase:1,deny,status:403,log,msg:'SQLi attack detected'"

🔧 Contributing

Fork the repository.
Create a feature branch (feature/new-patterns).
Commit and push changes.
Open a pull request (PR).

📄 License

This project is licensed under the MIT License.
See the LICENSE file for details.

🌐 Resources

🚨 Issues

If you encounter any issues, please open a ticket in the Issues Tab.

README.md Unescape Escape

🔒 Patterns – Automated OWASP CRS for Caddy, Nginx, and Apache