Automated OWASP CRS and Bad Bot Detection for Nginx, Apache, Traefik and HaProxy
fabriziosalmi/patterns

Automate the scraping of OWASP Core Rule Set (CRS) patterns and convert them into Apache, Nginx, Traefik, and HAProxy WAF configurations.
Additionally, Bad Bot/User-Agent detection is integrated to block malicious web crawlers and scrapers.

🚀 Protect your servers against SQL Injection (SQLi), XSS, RCE, LFI, and malicious bots – with automated daily updates.


📌 Project Highlights

  • 🛡️ OWASP CRS Protection – Leverages the OWASP Core Rule Set for web application firewall (WAF) defense.
  • 🤖 Bad Bot Blocking – Blocks known malicious bots using public bot lists.
  • ⚙️ Multi-Web Server Support – Generates WAF configs for Apache, Nginx, Traefik, and HAProxy.
  • 🔄 Automatic Updates – GitHub Actions fetch new rules daily and push updated configs.
  • 📦 Pre-Generated Configurations – Download ready-to-use WAF configurations from GitHub Releases.
  • 🧩 Scalable and Modular – Easily extendable to support other web servers or load balancers.

🌐 Supported Web Servers

  • 🔵 Nginx
  • 🟠 Apache (ModSecurity)
  • 🟣 Traefik
  • 🔴 HAProxy

Note

If you are using Caddy, check the caddy-waf project.


📂 Project Structure

    patterns/
    ├── waf_patterns/           # 🔧 Generated WAF config files
    │   ├── nginx/              # Nginx WAF configs
    │   ├── apache/             # Apache WAF configs (ModSecurity)
    │   ├── traefik/            # Traefik WAF configs
    │   └── haproxy/            # HAProxy WAF configs
    │── import_apache_waf.py
    │── import_haproxy_waf.py
    │── import_nginx_waf.py
    │── import_traefik_waf.py
    ├── owasp.py                # 🕵️ OWASP scraper (fetch CRS rules)
    ├── owasp2nginx.py          # 🔄 Convert OWASP JSON to Nginx WAF configs
    ├── owasp2apache.py         # 🔄 Convert OWASP JSON to Apache ModSecurity configs
    ├── owasp2haproxy.py        # 🔄 Convert OWASP JSON to HAProxy WAF configs
    ├── badbots.py              # 🤖 Generate WAF configs to block bad bots
    ├── requirements.txt        # 📄 Required dependencies
    └── .github/workflows/      # 🤖 GitHub Actions for automation
        └── update_patterns.yml

🛠️ How It Works

🔹 1. Scraping OWASP Rules

  • owasp.py scrapes the latest OWASP CRS patterns from GitHub.
  • Extracts SQLi, XSS, RCE, LFI patterns from OWASP CRS .conf files.

🔹 2. Generating WAF Configs for Each Platform

  • owasp2nginx.py – Generates Nginx WAF configurations.
  • owasp2apache.py – Outputs Apache ModSecurity rules.
  • owasp2traefik.py – Creates Traefik WAF rules.
  • owasp2haproxy.py – Builds HAProxy ACL files.

🔹 3. Bad Bot/User-Agent Detection

  • badbots.py fetches public bot lists and generates bot-blocking configs.
  • Supports fallback lists to ensure reliable detection.
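The three steps above describe a scrape-parse-render pipeline. The following is an added example written for this page, not code from the fabriziosalmi/patterns project: instead of fetching CRS from GitHub it parses a constructed CRS-style snippet (the rule ids and regexes are made up, not real CRS rules), keeps the regex operand of each `@rx` SecRule grouped by the file-number prefix CRS uses for each attack class, and renders an Nginx `map` block plus a HAProxy pattern file (the one-pattern-per-line format loaded with `-f`). Function names, the `$waf_block` variable and the category table are assumptions of this example.

```python
"""Miniature version of the scrape-and-convert pipeline (added example)."""
import re
from collections import defaultdict

# Constructed sample in the shape of OWASP CRS rule files (NOT real CRS rules).
SAMPLE_CRS = {
    "REQUEST-942-APPLICATION-ATTACK-SQLI.conf": r'''
SecRule REQUEST_COOKIES|ARGS "@rx (?i:union\s+select)" \
    "id:900001,phase:2,deny,msg:'SQLi probe'"
SecRule ARGS "@rx (?i:sleep\(\d+\))" "id:900002,phase:2,deny"
''',
    "REQUEST-941-APPLICATION-ATTACK-XSS.conf": r'''
SecRule ARGS "@rx (?i)<script[^>]*>" "id:900003,phase:2,deny"
''',
    "REQUEST-930-APPLICATION-ATTACK-LFI.conf": r'''
SecRule ARGS "@rx (?:\.\./){2,}" "id:900004,phase:2,deny"
''',
}

# CRS file-number prefix -> attack category (assumed mapping for this example).
CATEGORY_BY_PREFIX = {"942": "sqli", "941": "xss", "930": "lfi", "932": "rce"}

# SecRule VARIABLES "@rx <pattern>" "actions"  -- only @rx rules carry a regex.
# The pattern group stops at the first unescaped double quote.
SECRULE_RX = re.compile(
    r'^SecRule\s+\S+\s+"@rx\s+(?P<pattern>(?:[^"\\]|\\.)*)"', re.M
)


def extract_patterns(files):
    """Group the @rx operand of every SecRule by attack category."""
    patterns = defaultdict(list)
    for name, body in files.items():
        prefix = name.split("-")[1]          # "REQUEST-942-..." -> "942"
        category = CATEGORY_BY_PREFIX.get(prefix, "other")
        for m in SECRULE_RX.finditer(body):
            patterns[category].append(m.group("pattern"))
    return dict(patterns)


def to_nginx(patterns, variable="$request_uri", flag="$waf_block"):
    """Render an Nginx `map` that sets the flag to 1 when any pattern matches.

    `~` gives a case-sensitive PCRE match; the CRS regexes carry their own
    (?i) where they need it. Double quotes inside a regex are escaped so the
    map entry stays a valid quoted string.
    """
    lines = [f"map {variable} {flag} {{", "    default 0;"]
    for category, regexes in sorted(patterns.items()):
        lines.append(f"    # {category}")
        for rx in regexes:
            escaped = rx.replace('"', '\\"')
            lines.append(f'    "~{escaped}" 1;')
    lines.append("}")
    lines += ["", f"if ({flag}) {{", "    return 403;", "}"]
    return "\n".join(lines) + "\n"


def to_haproxy_patterns(patterns):
    """Render a pattern file: one regex per line, '#' lines are comments.

    Loaded from haproxy.cfg with e.g.  acl waf_block url_reg -f waf.acl
    """
    lines = []
    for category, regexes in sorted(patterns.items()):
        lines.append(f"# {category}")
        lines.extend(regexes)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    extracted = extract_patterns(SAMPLE_CRS)
    print(to_nginx(extracted))
    print(to_haproxy_patterns(extracted))
```

Running the module prints both fragments. Patterns are written through unmodified: a regex that is valid for ModSecurity's PCRE engine is usually, but not always, accepted by Nginx and HAProxy, so a generated file should be loaded with `nginx -t` or `haproxy -c` before it is deployed.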

⚙️ Installation

Option 1: Download Pre-Generated Configurations

You can download the latest pre-generated WAF configurations directly from the GitHub Releases page.

  1. Go to the Releases section.
  2. Download the zip file for your web server (e.g., nginx_waf.zip, apache_waf.zip).
  3. Extract the files and follow the integration instructions below.

Option 2: Build from Source

If you prefer to generate the configurations yourself:

1. Clone the Repository:

    git clone https://github.com/fabriziosalmi/patterns.git
    cd patterns

2. Install Dependencies:

    pip install -r requirements.txt

3. Run Manually (Optional):

    python owasp.py
    python owasp2nginx.py
    python owasp2apache.py
    python owasp2haproxy.py
    python owasp2traefik.py
    python badbots.py

🚀 Usage (Web Server Integration)

🔹 1. Nginx WAF Integration

  1. Download the nginx_waf.zip file from the Releases page.
  2. Extract the files to your Nginx configuration directory.
  3. Include the generated .conf files in your Nginx configuration:
    include /path/to/waf_patterns/nginx/*.conf;

🔹 2. Apache WAF Integration

  1. Download the apache_waf.zip file from the Releases page.
  2. Extract the files to your Apache configuration directory.
  3. Include the generated .conf files in your Apache configuration:
    Include /path/to/waf_patterns/apache/*.conf

🔹 3. Traefik WAF Integration

  1. Download the traefik_waf.zip file from the Releases page.
  2. Extract the files and use the middleware.toml file in your Traefik configuration.

🔹 4. HAProxy WAF Integration

  1. Download the haproxy_waf.zip file from the Releases page.
  2. Extract the files and include the waf.acl file in your HAProxy configuration.

🔧 Example Output (Bot Blocker – Nginx)

    map $http_user_agent $bad_bot {
        "~*AhrefsBot" 1;
        "~*SemrushBot" 1;
        "~*MJ12bot" 1;
        default 0;
    }

    if ($bad_bot) {
        return 403;
    }
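Before a regenerated bot-blocker map goes live it is worth checking what it would actually match. The block below is an added example, not part of the patterns project: it parses `"~*regex" value;` entries out of the map above, compiles each one the way Nginx evaluates it (`~*` is a case-insensitive regex, `~` case-sensitive, first matching entry wins, otherwise `default`), and runs constructed User-Agent strings through it, including ordinary browsers and an empty UA, so that false positives show up before deployment. The helper names and the sample UA strings are this example's own.

```python
"""Dry-run an Nginx `map`-based bot blocker against sample User-Agents (added example)."""
import re

# Copy of the map block from the README (constructed input for the check).
NGINX_MAP = '''
map $http_user_agent $bad_bot {
    "~*AhrefsBot" 1;
    "~*SemrushBot" 1;
    "~*MJ12bot" 1;
    default 0;
}
'''

# Constructed sample User-Agents: three crawlers (one lower-cased to exercise
# the case-insensitive match), two browsers, and an empty header.
SAMPLE_UAS = [
    "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)",
    "mozilla/5.0 (compatible; semrushbot/7~bl; +http://www.semrush.com/bot.html)",
    "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/125.0",
    "Mozilla/5.0 (X11; Linux x86_64) Chrome/124.0 Safari/537.36",
    "",
]

# One regex entry of a map: "~*pattern" value;  or  "~pattern" value;
MAP_ENTRY = re.compile(
    r'^\s*"(?P<op>~\*?)(?P<rx>(?:[^"\\]|\\.)*)"\s+(?P<val>\S+);', re.M
)
DEFAULT_LINE = re.compile(r'^\s*default\s+(?P<val>\S+);', re.M)


def parse_map(text):
    """Return (entries, default) where entries is [(compiled_regex, value)]."""
    entries = []
    for m in MAP_ENTRY.finditer(text):
        flags = re.I if m.group("op") == "~*" else 0
        entries.append((re.compile(m.group("rx"), flags), m.group("val")))
    d = DEFAULT_LINE.search(text)
    return entries, (d.group("val") if d else "")


def evaluate(ua, entries, default):
    """Mimic the map lookup: first regex that matches wins, else the default."""
    for rx, val in entries:
        if rx.search(ua):
            return val
    return default


def audit(uas=SAMPLE_UAS, text=NGINX_MAP):
    """Map every sample UA to the $bad_bot value the map would assign."""
    entries, default = parse_map(text)
    return {ua: evaluate(ua, entries, default) for ua in uas}


if __name__ == "__main__":
    for ua, verdict in audit().items():
        print(f"{'BLOCK' if verdict == '1' else 'allow':5}  {ua or '<empty UA>'}")
```

Anything marked `BLOCK` would receive the `return 403` from the `if ($bad_bot)` block. The check is deliberately conservative about what it proves: a User-Agent string is client-controlled, so a match list like this catches crawlers that identify themselves, and the browser entries are there to confirm the list does not also catch legitimate traffic.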

🤖 Automation (GitHub Workflow)

  • 🕛 Daily Updates – GitHub Actions fetch the latest OWASP CRS rules every day.
  • 🔄 Auto Deployment – Pushes new .conf files directly to waf_patterns/.
  • 📦 Release Automation – Automatically creates a new release with pre-generated configurations.
  • 🎯 Manual Trigger – Updates can also be triggered manually.

🤝 Contributing

  1. Fork the repository.
  2. Create a feature branch (feature/new-patterns).
  3. Commit and push changes.
  4. Open a Pull Request.

📄 License

This project is licensed under the MIT License.
See the LICENSE file for details.


Other projects

If you like my projects, you may also like these ones:

  • caddy-waf Caddy WAF (Regex Rules, IP and DNS filtering, Rate Limiting, GeoIP, Tor, Anomaly Detection)
  • blacklists Hourly updated domains blacklist 🚫
  • proxmox-vm-autoscale Automatically scale virtual machines resources on Proxmox hosts
  • UglyFeed Retrieve, aggregate, filter, evaluate, rewrite and serve RSS feeds using Large Language Models for fun, research and learning purposes
  • proxmox-lxc-autoscale Automatically scale LXC containers resources on Proxmox hosts
  • DevGPT Code together, right now! GPT-powered code assistant to build projects in minutes
  • websites-monitor Websites monitoring via GitHub Actions (expiration, security, performances, privacy, SEO)
  • caddy-mib Track and ban client IPs generating repetitive errors on Caddy
  • zonecontrol Cloudflare Zones Settings Automation using GitHub Actions
  • lws linux (containers) web services
  • cf-box cf-box is a set of Python tools to play with API and multiple Cloudflare accounts.
  • limits Automated rate limits implementation for web servers
  • dnscontrol-actions Automate DNS updates and rollbacks across multiple providers using DNSControl and GitHub Actions
  • proxmox-lxc-autoscale-ml Automatically scale the LXC containers resources on Proxmox hosts with AI
  • csv-anonymizer CSV fuzzer/anonymizer
  • iamnotacoder AI code generation and improvement

📞 Need Help?


🌐 Resources
