ModSecurity-nginx
openappsec
Our great sponsors
| ModSecurity-nginx | openappsec | |
|---|---|---|
| 4 | 23 | |
| 1,423 | 651 | |
| 2.0% | 7.5% | |
| 5.7 | 8.8 | |
| about 19 hours ago | 7 days ago | |
| Perl | C++ | |
| Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ModSecurity-nginx
-
NGINX WAF alternatives: App Protect vs. ModSecurity vs. open-appsec
ModSecurity v3 has also introduced major changes in how ModSecurity works. The entire WAF is not packed together anymore. Instead, the single libmodsecurity engine is paired with a connector module that interfaces the application with the server. Different connectors are available based on the server and are hosted as independent packages. This means that there's a separate ModSecurity v3 Nginx Connector project.
-
Passing variables from modsecurity to nginx
As far as I can tell there is a feature request and/or some custom method to pass variables from modsecurity back to nginx but I'm looking for the other way around
-
What (software, open source) WAF are you using with (open source) Nginx?
I'm currently erring toward ModSecurity & the Nginx connector now that it's been de-Apache'd.
-
How to implement WAF on Kong Ingress controller? (like ModSecurity v3)
ModSecurity Connector: https://github.com/SpiderLabs/ModSecurity-nginx
openappsec
-
Seeking contributors for a security open-source project
If someone in the community is interested in doing these projects, we will be happy to guide and help you. The contributions guidelines are available here: https://github.com/openappsec/openappsec/blob/main/CONTRIBUTING.md
-
open-appsec seeking contributors
See project GitHub here: https://github.com/openappsec/openappsec/
- Deep Dive into open-appsec Machine Learning Technology
- Deep Dive into open-appsec Machine Learning Technology (WAF for NGINX)
- Deep Dive into open-appsec Machine Learning Technology (WAF for Kubernetes Ingress)
- open-appsec (open-source ML-based WAF) for NGINX Video Tutorial
-
open-appsec (open-source machine-learning based WAF) - updates
If you haven't Star the GitHub project already, please consider doing it. It helps us as a young project: https://github.com/openappsec/openappsec.
-
NGINX WAF alternatives: App Protect vs. ModSecurity vs. open-appsec
open-appsec is under active development, and the code is open source and public. This move allows for regular feature updates and bug fixes by open source developers. The core open-appsec WAF engine is developed in C++ and is available via GitHub.
- open-source ML-based WAF add-on for NGINX/NGINX Ingress
What are some alternatives?
nginx-waf - Nginx + ModSecurity WAF
ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. With over 10,000 deployments world-wide, ModSecurity is the most widely deployed WAF in existence.
naxsi - NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
coraza - OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
api-firewall - Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
lua-resty-waf - High-performance WAF built on the OpenResty stack
docker-nginx-full - Docker image with compiled Nginx (OpenResty) and OpenSSL with all the Nginx plugins enabled. Now includes CrowdSec OpenResty bouncer, Modsecurity 3.x and ModSecurity NGINX connector..
BunkerWeb - 🛡️ Make your web services secure by default !
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
coreruleset - OWASP CRS (Official Repository)