https://github.com/madebymode/traefik-modsecurity-plugin
Traefik plugin to proxy requests to owasp/modsecurity-crs:4.3.0-apache-alpine
- Host: GitHub
- URL: https://github.com/madebymode/traefik-modsecurity-plugin
- Owner: madebymode
- License: apache-2.0
- Created: 2023-04-20T04:55:43.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2024-06-24T13:50:42.000Z (over 1 year ago)
- Last Synced: 2024-08-02T00:59:44.367Z (over 1 year ago)
- Topics: docker, modsecurity, modsecurity-nginx, owasp, owasp-crs, traefik, traefik-plugin
- Language: Go
- Homepage: https://plugins.traefik.io/plugins/644d9a72ebafd55c9c740848/mx-m-owasp-crs-modsecurity-plugin
- Size: 473 KB
- Stars: 13
- Watchers: 1
- Forks: 1
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Traefik Modsecurity Plugin

This is a fork of the original: https://github.com/acouvreur/traefik-modsecurity-plugin
This fork introduces Alpine images, CRS 4.x support, a custom `http.Transport`, and a 429 jail for repeat offenders.
See: https://github.com/traefik/plugindemo#troubleshooting
----
Traefik plugin to proxy requests to [owasp/modsecurity-crs](https://hub.docker.com/r/owasp/modsecurity-crs):apache
- [Traefik Modsecurity Plugin](#traefik-modsecurity-plugin)
- [Demo](#demo)
- [Usage (docker-compose.yml)](#usage-docker-composeyml)
- [How it works](#how-it-works)
- [Local development (docker-compose.local.yml)](#local-development-docker-composelocalyml)
## Demo
Demo of the WAF intercepting a relative path access in a query parameter.

## Usage (docker-compose.yml)
See [docker-compose.yml](docker-compose.yml)
1. `docker-compose up`
2. Go to http://localhost/website; the request is received without warnings.
3. Go to http://localhost/website?test=../etc; the request is intercepted and returned with 403 Forbidden by owasp/modsecurity.
4. You can bypass the WAF and check attacks at http://localhost/bypass?test=../etc
## How it works
This is a very simple plugin that proxies the query to the owasp/modsecurity Apache container.
The plugin checks that the response from the WAF container does not have an HTTP status code > 400 before forwarding the request to the real service.
If it is > 400, then the error page is returned instead.
The *dummy* service exists so that the WAF container can forward the request to a service that always responds with 200 OK.
## Configuration
This plugin supports the following configuration options:
* `modSecurityUrl`: (**mandatory**) the URL of the owasp/modsecurity container.
* `timeoutMillis`: (optional) timeout in milliseconds for the HTTP client that talks to the modsecurity container (default 2 seconds).
* `jailEnabled`: (optional) enables the 429 jail for repeat offenders (based on the threshold settings below).
* `JailTimeDurationSecs`: (optional) how long a client stays jailed, in seconds.
* `badRequestsThresholdCount`: (optional) number of 403s a client IP can trigger from OWASP before being added to the jail.
* `badRequestsThresholdPeriodSecs`: (optional) the period, in seconds, within which the threshold count must be reached before a client is added to the 429 jail.
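As an added illustration (not the plugin's own code) of the request flow in "How it works" and of how the jail settings above interact, the Go sketch below models the per-request decision: skip the WAF for a jailed client, count 403s per client IP inside a window of `badRequestsThresholdPeriodSecs`, and jail the client for `JailTimeDurationSecs` once `badRequestsThresholdCount` is reached. Fixed-window counting and the names `Jail`, `NewJail` and `Decide` are assumptions of this example.

```go
package main
import ("net/http"; "sync"; "time")

// Jail is the 429 jail for repeat offenders: a client IP that triggers badRequestsThresholdCount
// 403s within badRequestsThresholdPeriodSecs is blocked for JailTimeDurationSecs.
type Jail struct {
	mu               sync.Mutex
	threshold        int
	period, duration time.Duration
	clients          map[string]*client
}
type client struct {
	windowStart, jailedUntil time.Time
	count                    int // 403s seen since windowStart (fixed window: this example's assumption)
}
func NewJail(threshold int, period, duration time.Duration) *Jail {
	return &Jail{threshold: threshold, period: period, duration: duration, clients: map[string]*client{}}
}
// Decide returns 429 while ip is jailed (askWAF is skipped), the WAF's own status when > 400 (per
// the README its error page is returned), or 0 = forward to the real service. Each 403 is counted.
func (j *Jail) Decide(ip string, askWAF func() int, now time.Time) int {
	j.mu.Lock()
	c := j.clients[ip]
	jailed := c != nil && now.Before(c.jailedUntil)
	j.mu.Unlock() // released before the network round-trip to the modsecurity container
	if jailed {
		return http.StatusTooManyRequests
	}
	status := askWAF()
	if status == http.StatusForbidden {
		j.record(ip, now)
	}
	if status > http.StatusBadRequest {
		return status
	}
	return 0
}
// record counts one 403 for ip and starts a jail sentence once the threshold is reached.
func (j *Jail) record(ip string, now time.Time) {
	j.mu.Lock()
	defer j.mu.Unlock()
	c := j.clients[ip]
	if c == nil || now.Sub(c.windowStart) > j.period { // new or expired counting window
		c = &client{windowStart: now}
		j.clients[ip] = c
	}
	if c.count++; c.count >= j.threshold {
		c.jailedUntil, c.count = now.Add(j.duration), 0
	}
}
```

In a middleware, `askWAF` would be the proxied call to `modSecurityUrl` and a non-zero result would be written to the client in place of the real service's response.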
## Local development (docker-compose.local.yml)
See [docker-compose.local.yml](docker-compose.local.yml)
Run `docker-compose -f docker-compose.local.yml up` to load the local plugin.