Skip to content
/ waf-tool Public

Helper tool to generate ModSecurity rule exclusions

License

BSD-3-Clause license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vshn/waf-tool

BranchesTags

Repository files navigation

WAF Tool

Build Releases License Docker image

Helper tool to generate ModSecurity rule exclusions and create merge request to Gitlab repositories.

Usage

To generate rule exclusions for all alerts of a request and create a merge request:

  1. Authenticate to the OpenShift cluster

    oc login

  2. Find a request with false positives to tune. For example by using this Kibana dashboard.

  3. Run the waf-tool tuning command with a repository, token and the request’s unique ID:

    waf-tool tune -k -m -r <local-path/https-url> -t <gitlab-token> <unique-id>

  4. Use the generated exclusion rules and adapt them as required in your the merge request.

Elasticsearch TLS Connection

Elasticsearch runs by default with a TLS certificate signed by a custom CA. You need to get the CA certificate in order to trust it. Either provide it in the WAF_ES_CUSTOM_CA env variable or with the --es-custom-ca flag.

To ignore the certificate and don’t verify it (possibly insecure), run the tune command with the -k flag.

See waf-tool tune --help for more information.

Gitlab Merge Request

Currently the software supports cloned filesystem repository and https URL. Repositories cloned via ssh is not supported yet.

Development

  1. Install Go version 1.13

  2. Run tests:

    go test -cover ./...

  3. Run tool

    go run main.go

About

Helper tool to generate ModSecurity rule exclusions

Topics

tuning modsecurity vshn-project-ignore

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

5 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases 3

v0.0.2 Latest
Apr 16, 2020
+ 2 releases

Packages

No packages published

Contributors 5

Languages