{"id":20904943,"url":"https://github.com/annihil/mod_defender","last_synced_at":"2025-10-07T22:19:21.352Z","repository":{"id":199551506,"uuid":"54072188","full_name":"Annihil/mod_defender","owner":"Annihil","description":"Naxsi Web Application Firewall for Apache2","archived":false,"fork":false,"pushed_at":"2017-11-29T13:59:44.000Z","size":269,"stargazers_count":21,"open_issues_count":1,"forks_count":10,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-01T18:16:21.446Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Annihil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-03-16T22:53:28.000Z","updated_at":"2025-03-13T16:50:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"e14c2070-35e7-4ad7-977a-f8199c19ef44","html_url":"https://github.com/Annihil/mod_defender","commit_stats":null,"previous_names":["annihil/mod_defender"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Annihil%2Fmod_defender","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Annihil%2Fmod_defender/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Annihil%2Fmod_defender/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Annihil%2Fmod_defender/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Annihil","download_url":"https://codeload.github.com/Annihil/mod_defender/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253882806,"owners_count":21978549,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T13:19:50.442Z","updated_at":"2025-10-07T22:19:16.298Z","avatar_url":"https://github.com/Annihil.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ![ModDefender logo](https://i.imgur.com/EIHE0dS.png)  \n[![travis-ci](https://travis-ci.org/Annihil/mod_defender.svg?branch=master)](https://travis-ci.org/Annihil/mod_defender)  \nMod Defender is an Apache2 module aiming to block attacks thanks to a whitelist policy  \nIt is an almost complete replication of [NAXSI](https://github.com/nbs-system/naxsi), which is for Nginx  \nIt uses the same configs format and is thus fully compatible with [NXAPI/NXTOOL](https://github.com/nbs-system/naxsi/tree/master/nxapi)  \n\n - Input\n    - [MainRule](https://github.com/nbs-system/naxsi/blob/master/naxsi_config/naxsi_core.rules)\n    - [BasicRule](https://github.com/nbs-system/naxsi/wiki/whitelists-bnf)\n    - [CheckRule](https://github.com/nbs-system/naxsi/wiki/checkrules-bnf)\n - Output\n    - [Learning log](https://github.com/nbs-system/naxsi/wiki/naxsilogs#naxsi_fmt)\n    - [Extensive learning log](https://github.com/nbs-system/naxsi/wiki/naxsilogs#naxsi_exlog)\n\n## Advantages\n  - Human readable log: colored output to watch Mainrules and Basicrules processing\n  - JSON match log: easier parsing and more compact logs\n  - Combined log: regular and extensive match log are mixed so that content and name of variable in question are presents on the same line\n\n## Required packages\n* apache2 dev package to provide Apache2 headers\n* apr package to provide Apache Portal Runtime library and headers\n* gcc \u0026 g++ \u003e= 4.9 (for std::regex)\n* GNU make\n* cmake \u003e= 3.2\n\n## Installation\n### Debian\n1. Install required packages\n\t```sh\n\tsudo apt-get install apache2-dev make gcc g++ cmake\n\t```\n\n1. Compile the source\n\t```sh\n\tcmake -H. -Bbuild\n\tcmake --build build -- -j4\n\t```\n\n1. Install the module\n    ```sh\n    sudo cp build/mod_defender.so /usr/lib/apache2/modules/\n    ```\n\n1. Create its module load file\n    ```sh\n    cat \u003c\u003c EOF | sudo tee /etc/apache2/mods-available/defender.load \u003e /dev/null\n    LoadModule defender_module /usr/lib/apache2/modules/mod_defender.so\n    \u003cIfModule defender_module\u003e\n    Include /etc/defender/core.rules\n    \u003c/IfModule\u003e\n    EOF\n    ```\n\n1. Add mod_defender settings in the desired location / directory / proxy blocks\n    ```\n    \u003cVirtualHost *:80\u003e\n        ServerName ...\n        DocumentRoot ...\n\n        \u003cLocation ...\u003e\n            \u003cIfModule defender_module\u003e\n            # Defender toggle\n            Defender On\n            # Match log path\n            MatchLog ${APACHE_LOG_DIR}/defender_match.log\n            # JSON Match log path\n            JSONMatchLog ${APACHE_LOG_DIR}/defender_json_match.log\n            # Request body limit\n            RequestBodyLimit 8388608\n            # Learning mode toggle\n            LearningMode On\n            # Extensive Learning log toggle\n            ExtensiveLog Off\n            # Libinjection SQL toggle\n            LibinjectionSQL Off\n            # Libinjection XSS toggle\n            LibinjectionXSS Off\n            ## Score action\n            CheckRule \"$SQL \u003e= 8\" BLOCK\n            CheckRule \"$RFI \u003e= 8\" BLOCK\n            CheckRule \"$TRAVERSAL \u003e= 4\" BLOCK\n            CheckRule \"$EVADE \u003e= 4\" BLOCK\n            CheckRule \"$XSS \u003e= 8\" BLOCK\n            CheckRule \"$UPLOAD \u003e= 8\" BLOCK\n\n            # Whitelists (BasicRule)\n            Include /etc/defender/my_whitelist.rules\n            \u003c/IfModule\u003e\n        \u003c/Location\u003e\n    \u003cVirtualHost\u003e\n    ```\n\n1. Create Mod Defender conf directory\n    ```sh\n    sudo mkdir /etc/defender/\n    ```\n\n1. Populate it with the core rules\n\t```sh\n\tsudo wget -O /etc/defender/core.rules \\\n\thttps://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules\n\t```\n\n1. Enable the module\n\t```sh\n\tsudo a2enmod defender\n\t```\n\n1. Restart Apache2 to take effect\n\t```sh\n\tsudo service apache2 restart\n\t```\n\n### FreeBSD\n1. Install required packages\n\t```sh\n\tpkg install apr make gcc cmake\n\t```\n\n1. Compile the source\n\t```sh\n\tcmake -H. -Bbuild\n    cmake --build build -- -j4\n\t```\n\n1. Install the module\n    ```sh\n    cp build/mod_defender.so /usr/local/libexec/apache24/\n    ```\n\n1. Create its module load file\n   \t```sh\n    cat \u003c\u003c EOF | tee /usr/local/etc/apache24/modules.d/250_defender.conf \u003e /dev/null\n    LoadModule defender_module libexec/apache24/mod_defender.so\n    \u003cIfModule defender_module\u003e\n    Include etc/defender/core.rules\n    \u003c/IfModule\u003e\n    EOF\n   \t```\n\n1. Add mod_defender settings in the desired location / directory / proxy blocks\n    ```\n    \u003cVirtualHost *:80\u003e\n        ServerName ...\n        DocumentRoot ...\n\n        \u003cLocation ...\u003e\n            \u003cIfModule defender_module\u003e\n            # Defender toggle\n            Defender On\n            # Match log path\n            MatchLog /var/log/defender_match.log\n            # JSON Match log path\n            JSONMatchLog /var/log/defender_json_match.log\n            # Request body limit\n            RequestBodyLimit 8388608\n            # Learning mode toggle\n            LearningMode On\n            # Extensive Learning log toggle\n            ExtensiveLog Off\n            # Libinjection SQL toggle\n            LibinjectionSQL Off\n            # Libinjection XSS toggle\n            LibinjectionXSS Off\n            ## Score action\n            CheckRule \"$SQL \u003e= 8\" BLOCK\n            CheckRule \"$RFI \u003e= 8\" BLOCK\n            CheckRule \"$TRAVERSAL \u003e= 4\" BLOCK\n            CheckRule \"$EVADE \u003e= 4\" BLOCK\n            CheckRule \"$XSS \u003e= 8\" BLOCK\n            CheckRule \"$UPLOAD \u003e= 8\" BLOCK\n\n            # Whitelists (BasicRule)\n            Include etc/defender/my_whitelist.rules\n            \u003c/IfModule\u003e\n        \u003c/Location\u003e\n    \u003cVirtualHost\u003e\n    ```\n\n1. Create Mod Defender conf directory\n    ```sh\n    mkdir /usr/local/etc/defender/\n    ```\n\n1. Populate it with the core rules\n\t```sh\n\twget -O /usr/local/etc/defender/core.rules \\\n\thttps://raw.githubusercontent.com/nbs-system/naxsi/master/naxsi_config/naxsi_core.rules\n\t```\n\n1. Restart Apache2 to take effect\n\t```sh\n\tservice apache24 restart\n\t```\n\n## Configuration hierarchy\n### Top (above \u0026lt;VirtualHost\u0026gt;)\n```\n# Score rules\nInclude /etc/defender/core.rules\nMainRule \"...\"\n```\n\n### \u0026lt;Location\u0026gt; / \u0026lt;Directory\u0026gt; / \u0026lt;Proxy\u0026gt; blocks\n```\n# Action rules\nCheckRule \"...\"\n\n# Whitelist rules\nBasicRule \"...\"\n```\n\n## Credits\n[NAXSI's team](https://github.com/orgs/nbs-system/people) from nbs-system\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fannihil%2Fmod_defender","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fannihil%2Fmod_defender","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fannihil%2Fmod_defender/lists"}