ModSecurity - Cross platform Web Application Firewall (WAF)

  •        345

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.

www.modsecurity.org
https://github.com/SpiderLabs/ModSecurity

Tags
Implementation
License
Platform

   




Related Projects

WhatWaf - Detect and bypass web application firewalls and protection systems

  •    Python

WhatWaf is an advanced firewall detection tool who's goal is to give you the idea of "There's a WAF?". WhatWaf works by detecting a firewall on a web application, and attempting to detect a bypass (or two) for said firewall, on the specified target.

janusec - Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing

  •    Go

Janusec Application Gateway, an application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Detailed documentation is available at Janusec Application Gateway Documentation.

shadowd - The Shadow Daemon web application firewall server

  •    C++

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. This is the main component that handles the analysis and storage of requests.

NAXSI - High performance, low rules maintenance WAF for NGINX

  •    C

NAXSI means Nginx Anti XSS & SQL Injection. NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI.

aws-waf-sample - This repository contains example scripts and sets of rules for the AWS WAF service

  •    Python

Examples of sets of rules for the AWS WAF service and scripts to automate the management and configuration of AWS WAF rule sets. These examples include SDK usage, AWS CloudFormation templates and automations using AWS Lambda functions.This example AWS CloudFormation template contains an AWS WAF web access control list (ACL) and condition types and rules that illustrate various mitigations against application flaws described in the OWASP Top 10. However, note that this template is designed only as a starting point and may not provide sufficient protection to every workload. You should customize the template’s rules for each workload. For more information, please review the Use AWS WAF to Mitigate OWASP's Top 10 Web Application Vulnerabilities whitepaper.


aws-waf-sample - This repository contains example scripts and sets of rules for the AWS WAF service

  •    Python

Examples of sets of rules for the AWS WAF service and scripts to automate the management and configuration of AWS WAF rule sets. These examples include SDK usage, AWS CloudFormation templates and automations using AWS Lambda functions. This example AWS CloudFormation template contains an AWS WAF web access control list (ACL) and condition types and rules that illustrate various mitigations against application flaws described in the OWASP Top 10. However, note that this template is designed only as a starting point and may not provide sufficient protection to every workload. You should customize the template’s rules for each workload. For more information, please review the Use AWS WAF to Mitigate OWASP's Top 10 Web Application Vulnerabilities whitepaper.

OWASP Joomla Vulnerability Scanner Project

  •    Perl

Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site. A regularly-updated signature-based scanner that can detect file inclusion, sql injection, command execution, XSS, DOS, directory traversal vulnerabilities of a target Joomla! web site. It Searches known vulnerabilities of Joomla! and its components, Web application firewall detection and lot more.

WebCastellum

  •    Java

Java-based Open Source WAF (Web Application Firewall) to include inside a web application in order to protect it against attacks like SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Parameter Manipulation and many more.

owasp-modsecurity-crs - OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

  •    Lua

OWASP ModSecurity Core Rule Set (CRS) Project (Official Repository)

VeryNginx - A very powerful and friendly nginx base on lua-nginx-module( openresty ) which provide WAF, Control Panel, and Dashboards

  •    Lua

VeryNginx is a very powerful and friendly nginx . VeryNginx is based on lua_nginx_module(openrestry). It implements advanced firewall(waf), access statistics and some other features. It strengthens the Nginx's functions, and provides a friendly Web interface.

rethink-app - DNS over HTTPS / DNS over Tor / DNSCrypt client, firewall, and connection tracker for Android

  •    Kotlin

An OpenSnitch-inspired firewall and network monitor + a pi-hole-inspired DNS over HTTPS client with blocklists. In other words, RethinkDNS has two primary modes, DNS and Firewall. The DNS mode routes all DNS traffic generated by apps to one of two DNS over HTTPS resolvers (Cloudflare and RethinkDNS). The Firewall mode lets the user deny internet-access to entire applications based on events like screen-on / screen-off, app-foreground / app-background, connected to unmetered-connection / metered-connection / always; or based on play-store defined categories like Social, Games, Utility, Productivity; or additionally, based on user-defined blacklists.

ModSecurity-nginx - ModSecurity v3 Nginx Connector

  •    C

The ModSecurity-nginx connector is the connection point between Nginx and libmodsecurity (ModSecurity v3). Said another way, this project provides a communication channel between Nginx and libmodsecurity. This connector is required to use LibModSecurity with Nginx. The ModSecurity-nginx connector takes the form of an Nginx module. The module simply serves as a layer of communication between Nginx and ModSecurity.

OpenSnitch - GNU/Linux port of the Little Snitch application firewall.

  •    Python

OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.

Endian Firewall Community

  •    Groovy

Endian Firewall Community (EFW) is a "turn-key" linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering f

iptables-essentials - Iptables Essentials: Common Firewall Rules and Commands.

  •    

Found on the Internet - All in One List.   🔸 Shorewall - advanced gateway/firewall configuration tool for GNU/Linux.   🔸 Firewalld - provides a dynamically managed firewall.   🔸 UFW - default firewall configuration tool for Ubuntu.   🔸 FireHOL - offer simple and powerful configuration for all Linux firewall and traffic shaping requirements.

lua-resty-waf - High-performance WAF built on the OpenResty stack

  •    Perl

lua-resty-waf is currently in active development. New bugs and questions opened in the issue tracker will be answered within a day or two, and performance impacting / security related issues will be patched with high priority. Larger feature sets and enhancements will be added when development resources are available (see the Roadmap section for an outline of planned features). lua-resty-waf is compatible with the master branch of lua-resty-core. The bundled version of lua-resty-core available in recent releases of OpenResty (>= 1.9.7.4) is compatible with lua-resty-waf; versions bundled with older OpenResty bundles are not, so users wanting to leverage resty.core will either need to replace the local version with the one available from the GitHub project, or patch the module based off this commit.

SmoothWall - Express Open Source Firewall Project

  •    C

SmoothWall is a open source Firewall distribution. It Supports LAN, DMZ, and Wireless networks, Static Ethernet, DHCP Ethernet, PPPoE, PPPoA using various USB and PCI DSL modems. It provides traffic stats, POP3 email proxy with Anti-Virus, Web proxy for accelerated browsing and lot more.

IPCop - Linux firewall distribution

  •    C

IPCop provides secure and stable Linux Firewall Distribution. It is a complete Linux Distribution whose sole purpose is to protect the networks it is installed on. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.

frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet

  •    Go

frp is a fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet. Now, it supports tcp, udp, http and https protocol when requests can be forwarded by domains to backward web services. Expose any http and https service behind a NAT or firewall to the internet by a server with public IP address(Name-based Virtual Host Support). Expose any tcp or udp service behind a NAT or firewall to the internet by a server with public IP address.

Firewall Builder

  •    C++

Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.