https://github.com/vshn/waf-tool
Helper tool to generate ModSecurity rule exclusions
https://github.com/vshn/waf-tool
modsecurity tuning vshn-project-ignore
Last synced: 7 months ago
JSON representation
Helper tool to generate ModSecurity rule exclusions
- Host: GitHub
- URL: https://github.com/vshn/waf-tool
- Owner: vshn
- License: bsd-3-clause
- Created: 2020-01-23T13:49:25.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-11-18T22:10:33.000Z (7 months ago)
- Last Synced: 2024-11-18T23:21:03.410Z (7 months ago)
- Topics: modsecurity, tuning, vshn-project-ignore
- Language: Go
- Homepage:
- Size: 235 KB
- Stars: 5
- Watchers: 5
- Forks: 1
- Open Issues: 14
-
Metadata Files:
- Readme: README.adoc
- License: LICENSE
Awesome Lists containing this project
README
ifndef::env-github[:icons: font]
ifdef::env-github[]
:status:
:tip-caption: :bulb:
:note-caption: :information_source:
:important-caption: :heavy_exclamation_mark:
:caution-caption: :fire:
:warning-caption: :warning:
endif::[]
= WAF Tool
ifdef::status[]
image:https://img.shields.io/github/workflow/status/vshn/waf-tool/Build/master[Build,link=https://github.com/vshn/waf-tool/actions]
image:https://img.shields.io/github/v/release/vshn/waf-tool[Releases,link=https://github.com/vshn/waf-tool/releases]
image:https://img.shields.io/github/license/vshn/waf-tool[License,link=https://github.com/vshn/waf-tool/blob/master/LICENSE]
image:https://img.shields.io/docker/pulls/vshn/waf-tool[Docker image,link=https://hub.docker.com/r/vshn/waf-tool]
endif::[]
Helper tool to generate ModSecurity rule exclusions and create merge request to Gitlab repositories.
== Usage
To generate rule exclusions for all alerts of a request and create a merge request:
. Authenticate to the OpenShift cluster
+
[source]
oc login
. Find a request with false positives to tune. For example by using this Kibana link:dashboards/kibana[dashboard].
. Run the `waf-tool` tuning command with a repository, token and the request's unique ID:
+
[source]
waf-tool tune -k -m -r -t
. Use the generated exclusion rules and adapt them as required in your the merge request.
=== Elasticsearch TLS Connection
Elasticsearch runs by default with a TLS certificate signed by a custom CA. You need to get the CA certificate in order to trust it. Either provide it in the `WAF_ES_CUSTOM_CA` env variable or with the `--es-custom-ca` flag.
To ignore the certificate and don't verify it (possibly insecure), run the `tune` command with the `-k` flag.
See `waf-tool tune --help` for more information.
=== Gitlab Merge Request
Currently the software supports cloned filesystem repository and https URL. Repositories cloned via ssh is not supported yet.
== Development
. Install Go version 1.13
. Run tests:
+
[source]
go test -cover ./...
. Run tool
+
[source]
go run main.go