{"id":29287360,"url":"https://github.com/djellemah/rodsec","last_synced_at":"2026-04-13T21:31:58.271Z","repository":{"id":56892559,"uuid":"150006097","full_name":"djellemah/rodsec","owner":"djellemah","description":"ruby ffi for ModSecurity and rack middleware","archived":false,"fork":false,"pushed_at":"2018-11-06T18:10:28.000Z","size":80,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-20T09:11:01.715Z","etag":null,"topics":["modsecurity","rack","rack-middleware","rails","ruby"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/djellemah.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-23T17:02:44.000Z","updated_at":"2018-11-06T18:10:24.000Z","dependencies_parsed_at":"2022-08-21T01:20:28.485Z","dependency_job_id":null,"html_url":"https://github.com/djellemah/rodsec","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/djellemah/rodsec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djellemah%2Frodsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djellemah%2Frodsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djellemah%2Frodsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djellemah%2Frodsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/djellemah","download_url":"https://codeload.github.com/djellemah/rodsec/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/djellemah%2Frodsec/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31771815,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T20:17:16.280Z","status":"ssl_error","status_checked_at":"2026-04-13T20:17:08.216Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["modsecurity","rack","rack-middleware","rails","ruby"],"created_at":"2025-07-06T01:07:05.388Z","updated_at":"2026-04-13T21:31:58.241Z","avatar_url":"https://github.com/djellemah.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rodsec\n\nAn ffi wrapper for [ModSecurity](https://www.modsecurity.org/) Web Application\nFirewall. It will need a ruleset, most likely you'll want to use\n[OWASP ModSecurity Core Rule Set (CRS)](https://coreruleset.org/).\n\nThis gem also provides a Rack middleware which can return a 403 Forbidden\nresponse to bad requests, in many cases before your application code runs.\n\n## Installation\n\nInstall [ModSecurity \u003e= 3.0.0](https://www.modsecurity.org/download.html). This\ngem's native extensions will not compile without it. As of 23-Sep-2018, you may\nhave to compile ModSecurity yourself, seems that distro packages of 3.0.0\nversions are not available.\n\nAnd now back to your scheduled gem installation dance. Add this line to your\napplication's Gemfile:\n\n```ruby\ngem 'rodsec'\n```\n\nAnd then execute:\n\n    $ bundle\n\nOr install it yourself as:\n\n    $ gem install rodsec\n\n\n## Usage\n\n### ModSecurity config\n\nCopy `spec/config/modsecurity.conf`, `spec/config/crs-setup.conf`, and\n`spec/config/unicode.mapping` into a config directory in your app somewhere.\nThese are pre-configured to signal an intervention on dodgy requests or\nresponses - the rack middleware in this gem returns a 403 \"Forbidden\" in those\ncases.\n\nYou should be able to use the config files as-is. Possibly decrease the paranoia\nlevel in `crs-setup.conf` from 3 to 1 or 2.\n\nThen you'll need a ruleset - start with the\n[OWASP CRS](https://github.com/SpiderLabs/owasp-modsecurity-crs/).\n\nEasiest is a directory structure like this:\n\n```\nconfig/\n  modsecurity.conf\n  crs-setup.conf\n  unicode.mapping\n  rules/\n    # copy files from OWASP CRS rules/*\n    REQUEST-920-PROTOCOL-ENFORCEMENT.conf\n    ...\n    RESPONSE-980-CORRELATION.conf\n    ...\n    scanners-headers.data\n    ...\n```\n\nThe location of your ```rules``` directory is configurable if you\nreally need to - see comments in ```Rodsec::Rack``` source.\n\nTake a look at the ```*.example``` files in ```rules/```.\n\nCopying the rules files is a manual step because you really want to have at\nleast some idea of what rules you've activated, and how to handle false\npositives. Search for ModSecurity and apache or nginx and you'll get lots to\nread.\n\n### Rack/Rails\n\nNow you can add a ```use``` line to your rack config. In plain rack this would\nbe something like\n\n``` ruby\nuse Rodsec::Rack, config: config_dir, log_blk: -\u003e tag, str { p tag: tag, str: str }\n```\n\nSee\n[official Rails docs](https://guides.rubyonrails.org/rails_on_rack.html#configuring-middleware-stack)\non adding rack middleware to rails.\n\nYou'll know it worked when you see \"loading rules file\" log messages showing up\nin your ```log_blk:``` lambda on application startup.\n\n### Standalone\n\nYou can also use this gem without rack.\n\n``` ruby\nmsc = Rodsec::Modsec.new do |tag, str|\n  # this block will be called with log strings from ModSecurity\n  puts tag, str\nend\n\n# load config files\nrule_set = Rodsec::ReadConfig.read_config config_dir, rules_dir do |tag, str|\n  p tag =\u003e str\nend\n\n# Now check one, or several, request/response cycles.\n# You'll need a new Transaction instance for each cycle.\ntxn = Rodsec::Transaction.new msc, rule_set, txn_log_tag: 'my_first_transaction'\nbegin\n  # method calls MUST be in this order\n  txn.connection! ...\n  txn.uri! ...\n  txn.request_headers! ...\n  txn.request_body! ...\n  txn.response_headers! ...\n  txn.response_body! ...\n\n  txn.logging\nrescue Rodsec::Intervention =\u003e iex\n  # a good place to do some logging...\n  puts iex.msi.to_h # so you can see what fields are available\n  puts \"http_status: #{iex.msi.status}\"\nend\n```\n\n## Acknowledgements\n\nThanks to [NETSTOCK](https://www.netstock.co/) for funding development.\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run\n`rake spec` to run the tests. You can also run `bin/console` for an interactive\nprompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To\nrelease a new version, update the version number in `version.rb`, and then run\n`bundle exec rake release`, which will create a git tag for the version, push\ngit commits and tags, and push the `.gem` file to\n[rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at\nhttps://github.com/djellemah/rodsec.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdjellemah%2Frodsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdjellemah%2Frodsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdjellemah%2Frodsec/lists"}