{"id":20163406,"url":"https://github.com/sjinks/node-modsecurity","last_synced_at":"2025-04-10T00:36:51.187Z","repository":{"id":170073111,"uuid":"646170502","full_name":"sjinks/node-modsecurity","owner":"sjinks","description":"ModSecurity Connector for Node.js","archived":false,"fork":false,"pushed_at":"2025-03-01T09:16:09.000Z","size":290,"stargazers_count":4,"open_issues_count":2,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-05T05:02:22.413Z","etag":null,"topics":["modsec","modsecurity","security","waf"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sjinks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":["https://www.paypal.com/donate/?hosted_button_id=SAG6877JDJ3KU","https://send.monobank.ua/jar/7rosVfiwKM"]}},"created_at":"2023-05-27T14:09:41.000Z","updated_at":"2025-03-01T09:16:11.000Z","dependencies_parsed_at":"2023-10-16T16:20:12.492Z","dependency_job_id":"a8794a11-e4d8-4e4e-8be6-df5e50afe328","html_url":"https://github.com/sjinks/node-modsecurity","commit_stats":null,"previous_names":["sjinks/node-modsecurity"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sjinks%2Fnode-modsecurity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sjinks%2Fnode-modsecurity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sjinks%2Fnode-modsecurity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sjinks%2Fnode-modsecurity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sjinks","download_url":"https://codeload.github.com/sjinks/node-modsecurity/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248138002,"owners_count":21053774,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["modsec","modsecurity","security","waf"],"created_at":"2024-11-14T00:29:30.257Z","updated_at":"2025-04-10T00:36:51.167Z","avatar_url":"https://github.com/sjinks.png","language":"JavaScript","readme":"# node-modsecurity\n\n[![CI](https://github.com/sjinks/node-modsecurity/actions/workflows/ci.yml/badge.svg)](https://github.com/sjinks/node-modsecurity/actions/workflows/ci.yml)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=sjinks_node-modsecurity\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=sjinks_node-modsecurity)\n[![Dependency Review](https://github.com/sjinks/node-modsecurity/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/sjinks/node-modsecurity/actions/workflows/dependency-review.yml)\n\nA [ModSecurity](https://github.com/SpiderLabs/ModSecurity#readme) connector for Node.js\n\n## Prerequisites\n\nBecause this library provides Node.js bindings to `libmodsecurity`, `libmodsecurity` along with its development files has to be installed.\n\nSee: https://pkgs.org/search/?q=libmodsecurity\n\n### Ubuntu\n\n```sh\nsudo apt-get install -y libmodsecurity3 libmodsecurity-dev\n```\n\n### CentOS\n\n```sh\nsudo yum -y install epel-release\nsudo yum -y install libmodsecurity libmodsecurity-devel\n```\n\n### MacOS\n\nTBD\n\n### Windows\n\n[Not supported](https://github.com/SpiderLabs/ModSecurity#windows)\n\n### Caveats\n\nOld versions of libmodsecurity are sometimes buggy: for example, libmodsecurity up to 3.0.8 (since at least 3.0.6) may [crash](https://github.com/SpiderLabs/ModSecurity/issues/2872)\nif you forget to call to `Transaction::processConnection()` or `Transaction::processURI()`; libmodsecurity 3.0.6 leaks memory.\n\nTheerefore, it is recommended to install (or, more likely, build) the latest version of libmodsecurity yourself. The [official documentation](https://github.com/SpiderLabs/ModSecurity#compilation)\nand [project Wiki](https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes-for-v3.x) provide instructions on how to compile the library.\n\nAs of the time of writing, libmodsecurity 3.0.9 seems to be OK: my tests did not find memory leaks nor was I able to crash it from Node.js.\n\n## Installation\n\n```sh\nnpm install modsecurity\n```\n\n## Usage\n\nTBD; please see [this](https://github.com/sjinks/node-modsecurity/blob/245049f87b276fd56c1493b37afa437d04613e72/test/integration/lifecycle.mjs#L39-L85) for usage example.\n\ntl;dr:\n```js\nimport { createServer } from 'node:http';\nimport { ModSecurity, Rules, Transaction } from 'modsecurity';\n\nconst modsec = new ModSecurity();\n// Optional: set logging callback:\nmodsec.setLogCallback((message) =\u003e console.log(message));\n\nconst rules = new Rules();\nrules.loadFromFile('rules.conf');\n\nconst server = createServer((request, response) =\u003e {\n    const tx = new Transaction(modsec, rules);\n    let res;\n\n    res = tx.processConnection(request.socket.remoteAddr, request.socket.remotePort, request.socket.localAddress, request.socket.localPort);\n    if (typeof res === 'object') {\n        return processIntervention(res, response, tx);\n    }\n\n    if (false === res) {\n        // modsecurity returned an error\n    }\n\n    res = tx.processURI(request.url, request.method, request.httpVersion);\n    if (typeof res === 'object') {\n        return processIntervention(res, response, tx);\n    }\n\n    let key = null;\n    for (const v of request.rawHeaders) {\n        if (key === null) {\n            key = v;\n        } else {\n            tx.addRequestHeader(key, v);\n            key = null;\n        }\n    }\n\n    res = tx.processRequestHeaders();\n    if (typeof res === 'object') {\n        return processIntervention(res, response, tx);\n    }\n        \n    if (Buffer.isBuffer(request.body)) {\n        res = tx.appendRequestBody(request.body);\n        if (typeof res === 'object') {\n            return processIntervention(res, response, tx);\n        }\n    }\n            \n    res = tx.processRequestBody();\n    if (typeof res === 'object') {\n        return processIntervention(res, response, tx);\n    }\n\n    // Handle request here\n\n    tx.processLogging();\n});\n\nfunction processIntervention(intervention, response, tx) {\n    response.statusCode = intervention.status;\n    if (intervention.url) {\n        response.setHeader('Location', intervention.url);\n    }\n\n    // intervention.log contains additional information\n\n    response.end();\n    tx.processLogging();\n}\n\nserver.listen(3000);\n```\n","funding_links":["https://www.paypal.com/donate/?hosted_button_id=SAG6877JDJ3KU","https://send.monobank.ua/jar/7rosVfiwKM"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsjinks%2Fnode-modsecurity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsjinks%2Fnode-modsecurity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsjinks%2Fnode-modsecurity/lists"}