{"id":42945884,"url":"https://github.com/madebymode/traefik-modsecurity-plugin","last_synced_at":"2026-01-30T20:35:55.230Z","repository":{"id":158425992,"uuid":"630299049","full_name":"madebymode/traefik-modsecurity-plugin","owner":"madebymode","description":"Traefik plugin to proxy requests to owasp/modsecurity-crs:4.3.0-apache-alpine","archived":false,"fork":false,"pushed_at":"2024-06-24T13:50:42.000Z","size":484,"stargazers_count":13,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-08-02T00:59:44.367Z","etag":null,"topics":["docker","modsecurity","modsecurity-nginx","owasp","owasp-crs","traefik","traefik-plugin"],"latest_commit_sha":null,"homepage":"https://plugins.traefik.io/plugins/644d9a72ebafd55c9c740848/mx-m-owasp-crs-modsecurity-plugin","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"acouvreur/traefik-modsecurity-plugin","license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/madebymode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-04-20T04:55:43.000Z","updated_at":"2024-07-29T18:10:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"58ca5f90-413f-43df-b739-4fad6279b70e","html_url":"https://github.com/madebymode/traefik-modsecurity-plugin","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/madebymode/traefik-modsecurity-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madebymode%2Ftraefik-modsecurity-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madebymode%2Ftraefik-modsecurity-plugin/ta
gs","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madebymode%2Ftraefik-modsecurity-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madebymode%2Ftraefik-modsecurity-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/madebymode","download_url":"https://codeload.github.com/madebymode/traefik-modsecurity-plugin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madebymode%2Ftraefik-modsecurity-plugin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28918536,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T20:25:28.696Z","status":"ssl_error","status_checked_at":"2026-01-30T20:25:13.426Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","modsecurity","modsecurity-nginx","owasp","owasp-crs","traefik","traefik-plugin"],"created_at":"2026-01-30T20:35:55.156Z","updated_at":"2026-01-30T20:35:55.223Z","avatar_url":"https://github.com/madebymode.png","language":"Go","readme":"# Traefik Modsecurity Plugin\n\n![Banner](./img/banner.png)\n\nThis is a fork of the original: https://github.com/acouvreur/traefik-modsecurity-plugin\n\nThis fork introduces alpine images, CRS 4.x support, a custom http.transport, and a 429 
jail for repeat offenders\n\nsee:  https://github.com/traefik/plugindemo#troubleshooting\n\n----\n\nTraefik plugin to proxy requests to [owasp/modsecurity-crs](https://hub.docker.com/r/owasp/modsecurity-crs):apache\n\n![Github Actions](https://img.shields.io/github/actions/workflow/status/madebymode/traefik-modsecurity-plugin/build.yml?style=flat-square\u0026branch=main)\n![Go Report](https://goreportcard.com/badge/github.com/madebymode/traefik-modsecurity-plugin?style=flat-square)\n![Go Version](https://img.shields.io/github/go-mod/go-version/madebymode/traefik-modsecurity-plugin?style=flat-square)\n![Latest Release](https://img.shields.io/github/release/madebymode/traefik-modsecurity-plugin/all.svg?style=flat-square)\n\n- [Traefik Modsecurity Plugin](#traefik-modsecurity-plugin)\n    - [Demo](#demo)\n    - [Usage (docker-compose.yml)](#usage-docker-composeyml)\n    - [How it works](#how-it-works)\n    - [Local development (docker-compose.local.yml)](#local-development-docker-composelocalyml)\n\n## Demo\n\nDemo with WAF intercepting relative access in query param.\n\n![Demo](./img/waf.gif)\n\n## Usage (docker-compose.yml)\n\nSee [docker-compose.yml](docker-compose.yml)\n\n1. docker-compose up\n2. Go to http://localhost/website, the request is received without warnings\n3. Go to http://localhost/website?test=../etc, the request is intercepted and returned with 403 Forbidden by\n   owasp/modsecurity\n4. 
You can bypass the WAF and check attacks at http://localhost/bypass?test=../etc\n\n## How it works\n\nThis is a very simple plugin that proxies the query to the owasp/modsecurity apache container.\n\nThe plugin checks that the response from the waf container does not have an HTTP status code \u003e 400 before forwarding the request to\nthe real service.\n\nIf it is \u003e 400, then the error page is returned instead.\n\nThe *dummy* service is created so the waf container forwards the request to a service and responds with 200 OK all the\ntime.\n\n## Configuration\n\nThis plugin supports these configuration options:\n\n* `modSecurityUrl`: (**mandatory**) the URL for the owasp/modsecurity container.\n* `timeoutMillis`: (optional) timeout in milliseconds for the http client to talk with modsecurity container. (default 2\n  seconds)\n* `jailEnabled`:  (optional) 429 jail for repeat offenders (based on threshold settings)\n* `JailTimeDurationSecs`:  (optional) how long a client will be jailed for, in seconds\n* `badRequestsThresholdCount`: (optional) number of 403s a clientIP can trigger from OWASP before being added to the jail\n* `badRequestsThresholdPeriodSecs`: (optional) the period, in seconds, within which the threshold must be met before a client is added to the 429 jail\n\n## Local development (docker-compose.local.yml)\n\nSee [docker-compose.local.yml](docker-compose.local.yml)\n\n`docker-compose -f docker-compose.local.yml up` to load the local plugin\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmadebymode%2Ftraefik-modsecurity-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmadebymode%2Ftraefik-modsecurity-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmadebymode%2Ftraefik-modsecurity-plugin/lists"}