{"id":21027977,"url":"https://github.com/jcmoraisjr/modsecurity-spoa","last_synced_at":"2025-03-13T19:13:29.416Z","repository":{"id":37868506,"uuid":"134985252","full_name":"jcmoraisjr/modsecurity-spoa","owner":"jcmoraisjr","description":"HAProxy agent for ModSecurity web application firewall","archived":false,"fork":false,"pushed_at":"2025-01-01T03:58:58.000Z","size":51,"stargazers_count":100,"open_issues_count":14,"forks_count":27,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-01-20T14:50:12.573Z","etag":null,"topics":["haproxy","modsecurity"],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jcmoraisjr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-26T18:22:48.000Z","updated_at":"2024-12-29T07:17:08.000Z","dependencies_parsed_at":"2023-02-18T23:20:29.712Z","dependency_job_id":"8761c078-6e79-43d3-a00a-0901c09744a4","html_url":"https://github.com/jcmoraisjr/modsecurity-spoa","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcmoraisjr%2Fmodsecurity-spoa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcmoraisjr%2Fmodsecurity-spoa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcmoraisjr%2Fmodsecurity-spoa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcmoraisjr%2Fmodsecurity-spoa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jcmoraisjr","download_url":"https://codeload.github.com/jcmoraisjr/modsecurity-spoa/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243467024,"owners_count":20295309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["haproxy","modsecurity"],"created_at":"2024-11-19T11:53:17.628Z","updated_at":"2025-03-13T19:13:29.391Z","avatar_url":"https://github.com/jcmoraisjr.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HAProxy agent for ModSecurity\n\nHAProxy [agent](http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#9.3) (SPOA)\nfor [ModSecurity](http://www.modsecurity.org) web application firewall\n([WAF](https://en.wikipedia.org/wiki/Web_application_firewall)).\n\n[![Docker Repository on Quay](https://quay.io/repository/jcmoraisjr/modsecurity-spoa/status \"Docker Repository on Quay\")](https://quay.io/repository/jcmoraisjr/modsecurity-spoa)\n\n## SPOP and HAProxy Version\n\nThe current [SPOP](https://www.haproxy.org/download/2.2/doc/SPOE.txt) version is v2, used since modsecurity-spoa v0.4. This agent version works on HAProxy 1.8.10 and newer.\n\nSPOP v1 is used on modsecurity-spoa v0.1 to v0.3. This agent version works on HAProxy up to 1.8.9.\n\n## Agent Configuration\n\nCommand line syntax:\n\n```\n$ docker run -p 12345:12345 quay.io/jcmoraisjr/modsecurity-spoa [options] [-- \u003cconfig-file1\u003e [\u003cconfig-file2\u003e ...] ]\n```\n\n`config-files` can be used either after `--` (see above) or from `-f` option (see below).\nThe only difference is that the later supports only one filename. All config-files found\nwill be used, included in the same order as they have been declared.\n\n### Customize the Configuration Files\n\nIn order to use the default configuration in your customization, you should copy the following files from the image:\n```\ndocker create --name modsec quay.io/jcmoraisjr/modsecurity-spoa\ndocker cp modsec:/etc/modsecurity .\ndocker rm modsec\n```\n\nDownload and customize the configuration files for either the [ModSecurity repository](https://github.com/SpiderLabs/ModSecurity/blob/v2/master/modsecurity.conf-recommended) or from [OWASP repository](https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.3/dev/crs-setup.conf.example).\nUse the copied files from the previous code section in your run command:\n```\ndocker run -p 12345:12345 -v $PWD/modsecurity:/etc/modsecurity quay.io/jcmoraisjr/modsecurity-spoa -n 1\n```\n\nIf you do not want to include the default configuration files and only use the configuration files (ex./ custom-config.conf) that you design, leave out the copied default configuration files from before in your run command:\n```\ndocker run -p 12345:12345 -v $PWD/modsecurity:/etc/modsecurity quay.io/jcmoraisjr/modsecurity-spoa -n 1 -- /etc/modsecurity/custom-config.conf\n```\n\n### Running without Config Files\n\nIf no config-file is declared, the following will be used:\n\n* `/etc/modsecurity/modsecurity.conf`: ModSecurity recommended config, from ModSecurity [repository](https://github.com/SpiderLabs/ModSecurity/tree/v2/master)\n * Changes: `SecRuleEngine`, changed from `DetectionOnly` to `On`\n* `/etc/modsecurity/owasp-modsecurity-crs.conf`: Generic attack detection rules for ModSecurity, from OWASP ModSecurity CRS [repository](https://github.com/SpiderLabs/owasp-modsecurity-crs)\n * Changes: `SecDefaultAction`, `phase:1` and `phase:2`, changed from `log,auditlog,pass` to `log,noauditlog,deny,status:403`\n\nOptions are: (from modsecurity agent -h)\n\n```\n -h Print this message\n -d Enable the debug mode\n -f \u003cconfig-file\u003e ModSecurity configuration file\n -m \u003cmax-frame-size\u003e Specify the maximum frame size (default : 16384)\n -p \u003cport\u003e Specify the port to listen on (default : 12345)\n -n \u003cnum-workers\u003e Specify the number of workers (default : 10)\n -c \u003ccapability\u003e Enable the support of the specified capability\n -t \u003ctime\u003e Set a delay to process a message (default: 0)\n The value is specified in milliseconds by default,\n but can be in any other unit if the number is suffixed\n by a unit (us, ms, s)\n\n Supported capabilities: fragmentation, pipelining, async\n```\n\n## HAProxy configuration\n\nConfigure modsecurity-spoa as a HAProxy SPOE agent. See also SPOE filter\n[doc](http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#9.3)\nand SPOE [spec](https://www.haproxy.org/download/1.8/doc/SPOE.txt).\n\nChanges to `haproxy.cfg` - change `127.0.0.1:12345` below to the\nmodsecurity-spoa endpoint:\n\n```\n frontend httpfront\n mode http\n ...\n filter spoe engine modsecurity config /etc/haproxy/spoe-modsecurity.conf\n http-request deny if { var(txn.modsec.code) -m int gt 0 }\n ...\n backend spoe-modsecurity\n mode tcp\n server modsec-spoa1 127.0.0.1:12345\n```\n\nCreate a `/etc/haproxy/spoe-modsecurity.conf`:\n\n```\n [modsecurity]\n spoe-agent modsecurity-agent\n messages check-request\n option var-prefix modsec\n timeout hello 100ms\n timeout idle 30s\n timeout processing 1s\n use-backend spoe-modsecurity\n spoe-message check-request\n args unique-id method path query req.ver req.hdrs_bin req.body_size req.body\n event on-frontend-http-request\n```\n\n## Test with docker\n\n```\n(cd ./test \u0026\u0026 ./run.sh)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcmoraisjr%2Fmodsecurity-spoa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjcmoraisjr%2Fmodsecurity-spoa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcmoraisjr%2Fmodsecurity-spoa/lists"}