{"id":13548586,"url":"https://github.com/acouvreur/traefik-modsecurity-plugin","last_synced_at":"2025-04-05T03:04:57.538Z","repository":{"id":41290882,"uuid":"441495453","full_name":"acouvreur/traefik-modsecurity-plugin","owner":"acouvreur","description":"Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container","archived":false,"fork":false,"pushed_at":"2024-12-24T13:49:31.000Z","size":406,"stargazers_count":156,"open_issues_count":12,"forks_count":29,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-29T02:03:37.654Z","etag":null,"topics":["container","docker","modsecurity","owasp","proxy","reverse-proxy","traefik","traefik-plugin","waf"],"latest_commit_sha":null,"homepage":"https://plugins.traefik.io/plugins/628c9eadffc0cd18356a9799/modsecurity-plugin","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/acouvreur.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-24T15:11:44.000Z","updated_at":"2025-03-07T10:52:53.000Z","dependencies_parsed_at":"2024-06-18T22:54:05.474Z","dependency_job_id":"05c0f4d9-c404-4011-9174-5c4795a60c0c","html_url":"https://github.com/acouvreur/traefik-modsecurity-plugin","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acouvreur%2Ftraefik-modsecurity-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acouvreur%2Ftraefik-modsecurity-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acouvreur%2Ftraefik-modsecurity-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/acouvreur%2Ftraefik-modsecurity-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/acouvreur","download_url":"https://codeload.github.com/acouvreur/traefik-modsecurity-plugin/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247280262,"owners_count":20912967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container","docker","modsecurity","owasp","proxy","reverse-proxy","traefik","traefik-plugin","waf"],"created_at":"2024-08-01T12:01:12.153Z","updated_at":"2025-04-05T03:04:57.511Z","avatar_url":"https://github.com/acouvreur.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Traefik Modsecurity Plugin\n\n![Banner](./img/banner.png)\n\nTraefik plugin to proxy requests to [owasp/modsecurity-crs](https://hub.docker.com/r/owasp/modsecurity-crs):apache\n\n![Github Actions](https://img.shields.io/github/actions/workflow/status/acouvreur/traefik-modsecurity-plugin/build.yml?style=flat-square\u0026branch=main)\n![Go Report](https://goreportcard.com/badge/github.com/acouvreur/traefik-modsecurity-plugin?style=flat-square)\n![Go Version](https://img.shields.io/github/go-mod/go-version/acouvreur/traefik-modsecurity-plugin?style=flat-square)\n![Latest Release](https://img.shields.io/github/release/acouvreur/traefik-modsecurity-plugin/all.svg?style=flat-square)\n\n\n- [Traefik Modsecurity Plugin](#traefik-modsecurity-plugin)\n  - [Demo](#demo)\n  - [Usage (docker-compose.yml)](#usage-docker-composeyml)\n  - [How it works](#how-it-works)\n  - [Local development (docker-compose.local.yml)](#local-development-docker-composelocalyml)\n\n## Demo\n\nDemo with WAF intercepting relative access in query param.\n\n![Demo](./img/waf.gif)\n\n## Usage (docker-compose.yml)\n\nSee [docker-compose.yml](https://github.com/acouvreur/traefik-modsecurity-plugin/blob/main/docker-compose.yml)\n\n1. docker-compose up\n2. Go to http://localhost:8000/website, the request is received without warnings\n3. Go to http://localhost:8000/website?test=../etc, the request is intercepted and returned with 403 Forbidden by owasp/modsecurity\n\n## How it works\n\nThis is a very simple plugin that proxies the query to the owasp/modsecurity apache container.\n\nThe plugin checks that the response from the waf container hasn't an http code \u003e 400 before forwarding the request to the real service.\n\nIf it is \u003e 400, then the error page is returned instead.\n\nThe *dummy* service is created so the waf container forward the request to a service and respond with 200 OK all the time.\n\n## Configuration\n\nThis plugin supports these configuration:\n\n* `modSecurityUrl`: (**mandatory**) it's the URL for the owasp/modsecurity container.\n* `timeoutMillis`: (optional) timeout in milliseconds for the http client to talk with modsecurity container. (default 2 seconds)\n* `maxBodySize`: (optional) it's the maximum limit for requests body size. Requests exceeding this value will be rejected using `HTTP 413 Request Entity Too Large`.\n  The default value for this parameter is 10MB. Zero means \"use default value\".\n\n**Note**: body of every request will be buffered in memory while the request is in-flight (i.e.: during the security check and during the request processing by traefik and the backend), so you may want to tune `maxBodySize` depending on how much RAM you have.\n\n## Local development (docker-compose.local.yml)\n\nSee [docker-compose.local.yml](docker-compose.local.yml)\n\n`docker-compose -f docker-compose.local.yml up` to load the local plugin\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facouvreur%2Ftraefik-modsecurity-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Facouvreur%2Ftraefik-modsecurity-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Facouvreur%2Ftraefik-modsecurity-plugin/lists"}