Skip to content

Automated OWASP CRS and Bad Bot Detection for Caddy, Nginx, Apache, Traefik and HaProxy

License

Notifications You must be signed in to change notification settings

fabriziosalmi/patterns

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

64 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ”’ Patterns: OWASP CRS and Bad Bot Detection for Web Servers

Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Caddy, Traefik, and HAProxy WAF configurations.
Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.

πŸš€ Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots – with automated daily updates.


πŸ“Œ Project Highlights

  • πŸ›‘οΈ OWASP CRS Protection – Leverages OWASP Core Rule Set for web application firewall (WAF) defense.
  • πŸ€– Bad Bot Blocking – Blocks known malicious bots using public bot lists.
  • βš™οΈ Multi-Web Server Support – Generates WAF configs for Apache, Nginx, Caddy, Traefik, and HAProxy.
  • πŸ”„ Automatic Updates – GitHub Actions fetch new rules daily and push updated configs.

🌐 Supported Web Servers

  • πŸ”΅ Nginx
  • 🟒 Caddy
  • 🟠 Apache (ModSecurity)
  • 🟣 Traefik
  • πŸ”΄ HAProxy

πŸ“‚ Project Structure

patterns/
β”œβ”€β”€ waf_patterns/           # πŸ”§ Generated WAF config files
β”‚   β”œβ”€β”€ caddy/              # Caddy WAF configs
β”‚   β”œβ”€β”€ nginx/              # Nginx WAF configs
β”‚   β”œβ”€β”€ apache/             # Apache WAF configs (ModSecurity)
β”‚   β”œβ”€β”€ traefik/            # Traefik WAF configs
β”‚   └── haproxy/            # HAProxy WAF configs
│── import_apache_waf.py
│── import_caddy_waf.py
│── import_haproxy_waf.py
│── import_nginx_waf.py
│── import_traefik_waf.py
β”œβ”€β”€ owasp.py                # πŸ•΅οΈ OWASP scraper (fetch CRS rules)
β”œβ”€β”€ owasp2caddy.py          # πŸ”„ Convert OWASP JSON to Caddy WAF configs
β”œβ”€β”€ owasp2nginx.py          # πŸ”„ Convert OWASP JSON to Nginx WAF configs
β”œβ”€β”€ owasp2apache.py         # πŸ”„ Convert OWASP JSON to Apache ModSecurity configs
β”œβ”€β”€ owasp2haproxy.py        # πŸ”„ Convert OWASP JSON to HAProxy WAF configs
β”œβ”€β”€ badbots.py              # πŸ€– Generate WAF configs to block bad bots
β”œβ”€β”€ requirements.txt        # πŸ“„ Required dependencies
└── .github/workflows/      # πŸ€– GitHub Actions for automation
    └── update_patterns.yml

πŸ› οΈ How It Works

πŸ”Ή 1. Scraping OWASP Rules

  • owasp.py scrapes the latest OWASP CRS patterns from GitHub.
  • Extracts SQLi, XSS, RCE, LFI patterns from OWASP CRS .conf files.

πŸ”Ή 2. Generating WAF Configs for Each Platform

  • owasp2caddy.py – Converts OWASP patterns into Caddy WAF rules.
  • owasp2nginx.py – Generates Nginx WAF configurations.
  • owasp2apache.py – Outputs Apache ModSecurity rules.
  • owasp2traefik.py – Creates Traefik WAF rules.
  • owasp2haproxy.py – Builds HAProxy ACL files.

πŸ”Ή 3. Bad Bot/User-Agent Detection

  • badbots.py fetches public bot lists and generates bot-blocking configs.
  • Supports fallback lists to ensure reliable detection.

βš™οΈ Installation

1. Clone the Repository:

git clone https://github.com/your-username/patterns.git  
cd patterns

2. Install Dependencies:

pip install -r requirements.txt

3. Run Manually (Optional):

python owasp.py
python owasp2caddy.py
python owasp2nginx.py
python owasp2apache.py
python badbots.py

πŸš€ Usage (Web Server Integration)

πŸ”Ή 1. Nginx WAF Integration

sudo python3 import_nginx_waf.py

πŸ”Ή 2. Caddy WAF Integration

sudo python3 import_caddy_waf.py

πŸ”Ή 3. Apache WAF Integration

sudo python3 import_apache_waf.py

πŸ”§ Example Output (Bot Blocker – Nginx)

map $http_user_agent $bad_bot {
    "~*AhrefsBot" 1;
    "~*SemrushBot" 1;
    "~*MJ12bot" 1;
    default 0;
}
if ($bad_bot) {
    return 403;
}

πŸ€– Automation (GitHub Workflow)

  • πŸ•› Daily Updates – GitHub Actions fetch the latest OWASP CRS rules every day.
  • πŸ”„ Auto Deployment – Pushes new .conf files directly to waf_patterns/.
  • 🎯 Manual Trigger – Updates can also be triggered manually.

🀝 Contributing

  1. Fork the repository.
  2. Create a feature branch (feature/new-patterns).
  3. Commit and push changes.
  4. Open a Pull Request.

Tip

Check the limits project too, it will be useful to implement rate limits rules for your web servers.

πŸ“„ License

This project is licensed under the MIT License.
See the LICENSE file for details.


πŸ“ž Need Help?


🌐 Resources