Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Caddy, Traefik, and HAProxy WAF configurations.
Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.
Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots, with automated daily updates.
- OWASP CRS Protection: Leverages OWASP Core Rule Set for web application firewall (WAF) defense.
- Bad Bot Blocking: Blocks known malicious bots using public bot lists.
- Multi-Web Server Support: Generates WAF configs for Apache, Nginx, Caddy, Traefik, and HAProxy.
- Automatic Updates: GitHub Actions fetch new rules daily and push updated configs.

- Nginx
- Caddy
- Apache (ModSecurity)
- Traefik
- HAProxy
```
patterns/
├── waf_patterns/           # Generated WAF config files
│   ├── caddy/              # Caddy WAF configs
│   ├── nginx/              # Nginx WAF configs
│   ├── apache/             # Apache WAF configs (ModSecurity)
│   ├── traefik/            # Traefik WAF configs
│   └── haproxy/            # HAProxy WAF configs
├── import_apache_waf.py
├── import_caddy_waf.py
├── import_haproxy_waf.py
├── import_nginx_waf.py
├── import_traefik_waf.py
├── owasp.py                # OWASP scraper (fetch CRS rules)
├── owasp2caddy.py          # Convert OWASP JSON to Caddy WAF configs
├── owasp2nginx.py          # Convert OWASP JSON to Nginx WAF configs
├── owasp2apache.py         # Convert OWASP JSON to Apache ModSecurity configs
├── owasp2haproxy.py        # Convert OWASP JSON to HAProxy WAF configs
├── badbots.py              # Generate WAF configs to block bad bots
├── requirements.txt        # Required dependencies
└── .github/workflows/      # GitHub Actions for automation
    └── update_patterns.yml
```
- `owasp.py` scrapes the latest OWASP CRS patterns from GitHub.
- Extracts SQLi, XSS, RCE, LFI patterns from OWASP CRS `.conf` files.
- `owasp2caddy.py`: Converts OWASP patterns into Caddy WAF rules.
- `owasp2nginx.py`: Generates Nginx WAF configurations.
- `owasp2apache.py`: Outputs Apache ModSecurity rules.
- `owasp2traefik.py`: Creates Traefik WAF rules.
- `owasp2haproxy.py`: Builds HAProxy ACL files.
- `badbots.py` fetches public bot lists and generates bot-blocking configs.
- Supports fallback lists to ensure reliable detection.
1. Clone the Repository:

```bash
git clone https://github.com/your-username/patterns.git
cd patterns
```

2. Install Dependencies:

```bash
pip install -r requirements.txt
```

3. Run Manually (Optional):

```bash
python owasp.py
python owasp2caddy.py
python owasp2nginx.py
python owasp2apache.py
python badbots.py
```

```bash
sudo python3 import_nginx_waf.py
sudo python3 import_caddy_waf.py
sudo python3 import_apache_waf.py
```
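```nginx
# In the http {} context: flag requests whose User-Agent matches a listed bot
# ("~*" makes each pattern a case-insensitive regular expression).
map $http_user_agent $bad_bot {
    "~*AhrefsBot" 1;
    "~*SemrushBot" 1;
    "~*MJ12bot" 1;
    default 0;
}

# In a server {} or location {} context: reject flagged requests.
if ($bad_bot) {
    return 403;
}
```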
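
As an added example (not code from this repository and not how `badbots.py` is known to work), this sketch shows one way a bot list could be rendered into the `map` block above, going slightly beyond the three names shown by handling entries that contain regex metacharacters or quotes. The function names, the sample list, and the policy of rejecting rather than escaping quote and backslash characters are assumptions.

```python
import re

# Constructed sample list; a real run would read a fetched public bot list.
SAMPLE_BOT_LIST = """\
# known crawlers
AhrefsBot
SemrushBot
ahrefsbot
MJ12bot
Bad.Bot/1.0 (+crawler)
Odd"Name
"""

_REGEX_META = re.compile(r"([.^$*+?()\[\]{}|])")
_UNSAFE = re.compile(r'["\\]|[^\x20-\x7e]')  # quote, backslash, non-printable


def parse_bot_list(text):
    """Return (accepted, rejected) names; blanks, comments and duplicates dropped."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        name = raw.strip()
        if not name or name.startswith("#") or name.lower() in seen:
            continue
        seen.add(name.lower())
        # Entries that could terminate the quoted string are refused, not escaped.
        (rejected if _UNSAFE.search(name) else accepted).append(name)
    return accepted, rejected


def render_nginx_map(names, variable="$bad_bot"):
    """Build the http-context map block, matching each name as a literal."""
    lines = ["map $http_user_agent %s {" % variable]
    for name in names:
        literal = _REGEX_META.sub(r"\\\1", name)  # '.' must not match any char
        lines.append('    "~*%s" 1;' % literal)
    lines += ["    default 0;", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    ok, bad = parse_bot_list(SAMPLE_BOT_LIST)
    print(render_nginx_map(ok))
    for name in bad:
        print("# rejected entry: %r" % name)
```

Running `nginx -t` on the generated file before reloading catches any entry that still fails to parse.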
- Daily Updates: GitHub Actions fetch the latest OWASP CRS rules every day.
- Auto Deployment: Pushes new `.conf` files directly to `waf_patterns/`.
- Manual Trigger: Updates can also be triggered manually.

- Fork the repository.
- Create a feature branch (`feature/new-patterns`).
- Commit and push changes.
- Open a Pull Request.
Tip
Check out the limits project too; it is useful for implementing rate-limit rules for your web servers.
This project is licensed under the MIT License.
See the LICENSE file for details.
- Issues? Open a ticket in the Issues Tab.