{"id":18708542,"url":"https://github.com/va1da5/modsecurity-crs-rule-tuning","last_synced_at":"2025-11-09T10:30:22.857Z","repository":{"id":236806753,"uuid":"793187718","full_name":"va1da5/modsecurity-crs-rule-tuning","owner":"va1da5","description":"Practice exercises to enhance skills in tuning OWASP ModSecurity core rule set rules and implementing your own rules.","archived":false,"fork":false,"pushed_at":"2024-05-12T10:42:41.000Z","size":12,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-12-28T07:31:19.181Z","etag":null,"topics":["modsecurity","modsecurity-core-rule-set","pytest"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/va1da5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-28T17:12:00.000Z","updated_at":"2024-07-15T10:24:10.000Z","dependencies_parsed_at":"2024-04-28T18:25:55.012Z","dependency_job_id":"c93b4a57-c5d6-450c-8e84-f45307614bd5","html_url":"https://github.com/va1da5/modsecurity-crs-rule-tuning","commit_stats":null,"previous_names":["va1da5/modsecurity-crs-rule-tuning"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fmodsecurity-crs-rule-tuning","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fmodsecurity-crs-rule-tuning/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fmodsecurity-crs-rule-tuning/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/va1da5%2Fmodsecurity-crs-rule-tuning/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/va1da5","download_url":"https://codeload.github.com/va1da5/modsecurity-crs-rule-tuning/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239571586,"owners_count":19661165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["modsecurity","modsecurity-core-rule-set","pytest"],"created_at":"2024-11-07T12:23:53.942Z","updated_at":"2025-11-09T10:30:22.793Z","avatar_url":"https://github.com/va1da5.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 📛 OWASP ModSecurity Core Rule Set Tuning Practice\n\n[This collection](./test_waf.py) of basic unit tests is designed for practicing on how to adjust the [OWASP ModSecurity WAF Core Rule Set](https://owasp.org/www-project-modsecurity-core-rule-set/) to pass each test. It's important to note that these tests are not reflective of real-life situations and are solely intended for honing your skills in tuning WAF rules in different scenarios.\n\n## Requirements\n\n- Docker/Podman\n- Docker Compose\n- Python\n\n## Getting Started\n\n```bash\n# Create Python virtual environment\npython3 -m venv .venv\nsource .venv/bin/activate\n\n# Install dependencies\npip install -r requirements.txt\n```\n\n```bash\n# Start WAF and placeholder web application\ndocker compose up -d\n\n# Monitor WAF logs\ndocker compose exec -it modsecurity tail -f /var/log/nginx/modsecurity.log\npodman-compose exec modsecurity tail -f /var/log/nginx/modsecurity.log\n\n# Restart container to apply new rules\ndocker compose restart modsecurity\npodman-compose restart modsecurity\n\n# Use BurpSuite proxy for request inspection\nexport HTTP_PROXY=http://localhost:8080\n```\n\n## WAF Tuning\n\n```bash\n# Run all tests\npytest\n\n# Run individual test\npytest -k test_cookie_1\n```\n\n### Recommended Process\n\n1. Start WAF and webserver `docker compose up -d`\n2. Start monitoring of WAF logs `docker compose exec -it modsecurity tail -f /var/log/nginx/modsecurity.log`\n3. Review test definition in [`test_waf.py`](./test_waf.py)\n4. Execute individual test `pytest -k test_generic_form_1`\n5. Review WAF log entries\n6. Update WAF [rules](./waf)\n7. Restart WAF `docker compose restart modsecurity`\n8. Repeat steps 4 to 7 until test reports success.\n9. Move to the next unit test.\n\n## Solutions\n\nThe solutions to the exercises can be found in the solutions branch. To access them, you can use the link below.\n\n- [Solution Branch](https://github.com/va1da5/modsecurity-crs-rule-tuning/tree/solution)\n\n## References\n\n- [owasp-modsecurity/ModSecurity](https://github.com/owasp-modsecurity/ModSecurity)\n- [OWASP ModSecurity Core Rule Set](https://owasp.org/www-project-modsecurity-core-rule-set/)\n- [coreruleset/coreruleset](https://github.com/coreruleset/coreruleset)\n- [OWASP CRS Docker Image](https://github.com/coreruleset/modsecurity-crs-docker)\n- [Handling False Positives with the OWASP ModSecurity Core Rule Set](https://www.netnea.com/cms/apache-tutorial-8_handling-false-positives-modsecurity-core-rule-set/)\n- [SANS ModSecurity Rules](https://wiki.sans.blue/Tools/pdfs/ModSecurity.pdf)\n- [ModSecurity Reference Manual (v3.x)](https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual)\n- [Full pytest documentation](https://docs.pytest.org/en/8.2.x/contents.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fva1da5%2Fmodsecurity-crs-rule-tuning","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fva1da5%2Fmodsecurity-crs-rule-tuning","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fva1da5%2Fmodsecurity-crs-rule-tuning/lists"}