GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → pymodsecurity → django-pymodsecurity

pymodsecurity / django-pymodsecurity

Licence: MIT license
ModSecurity Django middleware

Programming Languages

python
139335 projects - #7 most used programming language
shell
77523 projects

Labels

securitymiddlewaredjangomodsecurity

Projects that are alternatives of or similar to django-pymodsecurity

waf-brain
Machine Learning WAF Based
Stars: ✭ 74 (+362.5%)
Mutual labels:  modsecurity
waflab
A web-based testing platform for WAF (Web Application Firewall)'s correctness
Stars: ✭ 25 (+56.25%)
Mutual labels:  modsecurity
nginx-more
Development repository for nginx-more package
Stars: ✭ 96 (+500%)
Mutual labels:  modsecurity
Bunkerized Nginx
🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+14656.25%)
Mutual labels:  modsecurity
Modsecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analys…
Stars: ✭ 5,015 (+31243.75%)
Mutual labels:  modsecurity
modsecurity-spoa
HAProxy agent for ModSecurity web application firewall
Stars: ✭ 48 (+200%)
Mutual labels:  modsecurity
ModSecurityCRS
Implementation of ModSecurity, Core Rule Set (CRS) on Apache server. ModSecurity, sometimes called Modsec, is an open-source web application firewall. ModSecurity was installed and configured on an Ubuntu VM using Virtual Box
Stars: ✭ 24 (+50%)
Mutual labels:  modsecurity
ftw
Framework for Testing WAFs (FTW!)
Stars: ✭ 106 (+562.5%)
Mutual labels:  modsecurity
nginx-modsecurity-ubuntu
Ubuntu package for modsecurity-nginx
Stars: ✭ 22 (+37.5%)
Mutual labels:  modsecurity

django-pymodsecurity

Build Status Codecov

This is a work-in-progress. Do not use in production

This middleware adds the modsecurity capabilities to the django framework.

Dependencies

  • pymodsecurity >= 0.0.4
  • django >= 2.1.2

HOWTO

Install the middleware in your django settings module. It's highly recommended to install at the first position, so all requests and responses can be approved by modsecurity.

MIDDLEWARE = [
  > 'django_pymodsecurity.middleware.PyModSecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

Settings

Valid settings you can define in your settings django module

MODSECURITY_RULE_FILES

You can specify a list of rule set to be imported (For example owasp top10).

It accepts a list of files or glob-like patterns

MODSECURITY_RULE_FILES = [
    '/data/config-logs.conf',
    '/data/owasp/*.conf'
]

MODSECURITY_RULES

You can also define rules directly to be loaded into modsecurity. It can be a list of strings or a single string

MODSECURITY_RULES = [
    'SecRuleEngine DetectionOnly',
    'SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "phase:0,allow,id:161"'
]
MODSECURITY_RULES = '''
SecRuleEngine DetectionOnly
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "phase:0,allow,id:161"
'''

License

MIT License

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].