Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Traefik, and HAProxy WAF configurations.
Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.
Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots, with automated daily updates.
- OWASP CRS Protection: Leverages OWASP Core Rule Set for web application firewall (WAF) defense.
- Bad Bot Blocking: Blocks known malicious bots using public bot lists.
- Multi-Web Server Support: Generates WAF configs for Apache, Nginx, Traefik, and HAProxy.
- Automatic Updates: GitHub Actions fetch new rules daily and push updated configs.
- Pre-Generated Configurations: Download ready-to-use WAF configurations from GitHub Releases.
- Scalable and Modular: Easily extendable to support other web servers or load balancers.

Supported web servers:
- Nginx
- Apache (ModSecurity)
- Traefik
- HAProxy
Note: If you are using Caddy, check the caddy-waf project.
```
patterns/
├── waf_patterns/           # Generated WAF config files
│   ├── nginx/              # Nginx WAF configs
│   ├── apache/             # Apache WAF configs (ModSecurity)
│   ├── traefik/            # Traefik WAF configs
│   └── haproxy/            # HAProxy WAF configs
├── import_apache_waf.py    # Import Apache WAF configurations
├── import_haproxy_waf.py   # Import HAProxy WAF configurations
├── import_nginx_waf.py     # Import Nginx WAF configurations
├── import_traefik_waf.py   # Import Traefik WAF configurations
├── owasp2json.py           # OWASP scraper (fetch CRS rules)
├── json2nginx.py           # Convert OWASP JSON to Nginx WAF configs
├── json2apache.py          # Convert OWASP JSON to Apache ModSecurity configs
├── json2traefik.py         # Convert OWASP JSON to Traefik WAF configs
├── json2haproxy.py         # Convert OWASP JSON to HAProxy WAF configs
├── badbots.py              # Generate WAF configs to block bad bots
├── requirements.txt        # Required dependencies
└── .github/workflows/      # GitHub Actions for automation
    └── update_patterns.yml
```
- `owasp2json.py` scrapes the latest OWASP CRS patterns from GitHub.
- Extracts SQLi, XSS, RCE, LFI patterns from OWASP CRS `.conf` files.
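An added sketch of the extraction step (not the project's `owasp2json.py`): it joins backslash-continued lines, keeps only `@rx` rules, and tags them by CRS file number. The function name, output fields and sample rules are assumptions constructed for illustration.

```python
import re

# CRS file-number prefixes for the four attack classes this README names.
CATEGORIES = {"930": "lfi", "932": "rce", "941": "xss", "942": "sqli"}

# SecRule VARIABLES "@rx PATTERN" "ACTIONS"; quoted fields may contain \" escapes.
RULE_RE = re.compile(
    r'^SecRule\s+(\S+)\s+"@rx\s+((?:[^"\\]|\\.)*)"\s+"((?:[^"\\]|\\.)*)"')

# Constructed sample in SecRule syntax (not copied from the real rule set).
SAMPLE_CONF = r'''
# Comment lines and non-regex operators are skipped.
SecRule ARGS|REQUEST_COOKIES "@rx (?i)union\s+select" \
    "id:900001,\
    phase:2,\
    block,\
    msg:'Constructed SQLi sample'"
SecRule REQUEST_URI "@pmFromFile sample.data" "id:900002,phase:2,block"
SecRule ARGS "@rx (?i)\bor\s+1\s*=\s*1\b" "id:900003,phase:2,block"
'''


def extract_rx_rules(conf_text, filename):
    """Return one dict per @rx SecRule found in a CRS .conf file (hypothetical schema)."""
    m = re.search(r"REQUEST-(\d{3})-", filename)
    category = CATEGORIES.get(m.group(1), "other") if m else "other"
    # Join backslash-continued physical lines into one logical line.
    logical = re.sub(r"\\\r?\n", "", conf_text)
    rules = []
    for line in logical.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue  # comments, blank lines, and operators other than @rx
        variables, pattern, actions = match.groups()
        rule_id = re.search(r"\bid:\s*'?(\d+)", actions)
        rules.append({
            "id": rule_id.group(1) if rule_id else None,
            "category": category,
            "variables": variables.split("|"),
            "pattern": pattern,  # kept verbatim, escapes included
        })
    return rules
```
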
- `json2nginx.py`: Generates Nginx WAF configurations.
- `json2apache.py`: Outputs Apache ModSecurity rules.
- `json2traefik.py`: Creates Traefik WAF rules.
- `json2haproxy.py`: Builds HAProxy ACL files.
- `badbots.py` fetches public bot lists and generates bot-blocking configs.
- Supports fallback lists to ensure reliable detection.
Before installing, ensure you have the following:
- Python 3.11 or higher (the project uses Python 3.11 as specified in the GitHub Actions workflow)
- pip (Python package installer)
- git (for cloning the repository)
You can download the latest pre-generated WAF configurations directly from the GitHub Releases page.
- Go to the Releases section.
- Download the zip file for your web server (e.g., `nginx_waf.zip`, `apache_waf.zip`).
- Extract the files and follow the integration instructions below.
If you prefer to generate the configurations yourself:
1. Clone the Repository:
```bash
git clone https://github.com/fabriziosalmi/patterns.git
cd patterns
```
2. Install Dependencies:
```bash
pip install -r requirements.txt
```
3. Run Manually (Optional):
```bash
python owasp2json.py
python json2nginx.py
python json2apache.py
python json2haproxy.py
python json2traefik.py
python badbots.py
```
- Download the `nginx_waf.zip` file from the Releases page.
- Extract the files to your Nginx configuration directory.
- Include the generated `.conf` files in your Nginx configuration:
```nginx
include /path/to/waf_patterns/nginx/*.conf;
```
- Download the `apache_waf.zip` file from the Releases page.
- Extract the files to your Apache configuration directory.
- Include the generated `.conf` files in your Apache configuration:
```apache
Include /path/to/waf_patterns/apache/*.conf
```
- Download the `traefik_waf.zip` file from the Releases page.
- Extract the files and use the `middleware.toml` file in your Traefik configuration.
- Download the `haproxy_waf.zip` file from the Releases page.
- Extract the files and include the `waf.acl` file in your HAProxy configuration.
```nginx
# http context: set $bad_bot to 1 when the User-Agent matches a listed name
# ("~*" is a case-insensitive regex match).
map $http_user_agent $bad_bot {
    "~*AhrefsBot" 1;
    "~*SemrushBot" 1;
    "~*MJ12bot" 1;
    default 0;
}

# server or location context: reject requests from flagged bots.
if ($bad_bot) {
    return 403;
}
```
- Daily Updates: GitHub Actions fetch the latest OWASP CRS rules every day.
- Auto Deployment: Pushes new `.conf` files directly to `waf_patterns/`.
- Release Automation: Automatically creates a new release with pre-generated configurations.
- Manual Trigger: Updates can also be triggered manually.
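Because the bot lists are fetched from public sources and written into configs automatically, each entry is untrusted input. This added example (not the project's `badbots.py`; the function names, allowlist and sample data are assumptions) rejects entries that could break out of the quoted string in an Nginx `map` block and drops names that would match a known-good browser.

```python
import re

# Names may contain only characters that cannot end an nginx string,
# directive or block, or start a variable: no quotes, backslash, ; { } $.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._/+:()-]{3,64}")

# Constructed samples. The first three names are the ones in the README's map.
FETCHED = ["AhrefsBot", "SemrushBot", "MJ12bot", "# comment", "ahrefsbot",
           'Evil"; }', ".*", "Mozilla"]
LEGIT_UAS = ["Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"]


def filter_entries(entries):
    """Split a fetched list into (accepted, rejected); drop comments and dupes."""
    accepted, rejected, seen = [], [], set()
    for raw in entries:
        name = raw.strip()
        if not name or name.startswith("#"):
            continue
        if not SAFE_NAME.fullmatch(name):
            rejected.append(raw)
        elif name.lower() not in seen:  # "~*" ignores case, so dedupe the same way
            seen.add(name.lower())
            accepted.append(name)
    return accepted, rejected


def false_positives(names, legit_uas):
    """Names that would block a known-good User-Agent (emulates nginx "~*")."""
    return [n for n in names
            if any(re.search(re.escape(n), ua, re.IGNORECASE) for ua in legit_uas)]


def render_map(names):
    """Render the map block; re.escape makes '.', '+', '(' match literally."""
    rows = [f'    "~*{re.escape(n)}" 1;' for n in names]
    return "\n".join(["map $http_user_agent $bad_bot {", *rows,
                      "    default 0;", "}"]) + "\n"


def build(entries, legit_uas):
    """Return (config text, rejected entries, names dropped as too broad)."""
    accepted, rejected = filter_entries(entries)
    too_broad = false_positives(accepted, legit_uas)
    keep = [n for n in accepted if n not in too_broad]
    return render_map(keep), rejected, too_broad
```
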
- Fork the repository.
- Create a feature branch (`feature/new-patterns`).
- Commit and push changes.
- Open a Pull Request.
This project is licensed under the MIT License.
See the LICENSE file for details.
If you like this project, you may also like these:
- caddy-waf Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
- blacklists Hourly updated domains blacklist
- proxmox-vm-autoscale Automatically scale virtual machines resources on Proxmox hosts
- UglyFeed Retrieve, aggregate, filter, evaluate, rewrite and serve RSS feeds using Large Language Models for fun, research and learning purposes
- proxmox-lxc-autoscale Automatically scale LXC containers resources on Proxmox hosts
- DevGPT Code together, right now! GPT powered code assistant to build project in minutes
- websites-monitor Websites monitoring via GitHub Actions (expiration, security, performances, privacy, SEO)
- caddy-mib Track and ban client IPs generating repetitive errors on Caddy
- zonecontrol Cloudflare Zones Settings Automation using GitHub Actions
- lws linux (containers) web services
- cf-box cf-box is a set of Python tools to play with API and multiple Cloudflare accounts.
- limits Automated rate limits implementation for web servers
- dnscontrol-actions Automate DNS updates and rollbacks across multiple providers using DNSControl and GitHub Actions
- proxmox-lxc-autoscale-ml Automatically scale the LXC containers resources on Proxmox hosts with AI
- csv-anonymizer CSV fuzzer/anonymizer
- iamnotacoder AI code generation and improvement
- Issues? Open a ticket in the Issues Tab.