Skip to content
ModSecurity Golang port
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples finish parser; update readme Jun 16, 2019
libmodsecurity engine, rule set, requestBodyAccess, requestBodyAccess Jun 17, 2019
.gitignore
LICENSE move license to root Jan 25, 2017
README.md fix readme typo Jun 16, 2019
go.mod
go.sum

README.md

This Source is WIP. not working yet now !!

ModSecurity-Go

ModSecurity-Go is golang port for ModSecurity.

Project is Working in progress.

The current goal is to implement ModSecurity Rules Language Porting Specification Level 1

TODO:

  • SecLang parser
  • Implement SecLang Processor (WIP)
  • Implement SecLang Level 1
  • Compatible with OWASP

Usage

Seclang Parsing

For full example see Parser Example


import "github.com/senghoo/modsecurity-go/libmodsecurity/seclang"

var rules = `<<<some modsecurity rules>>`
scaner := seclang.NewSecLangScannerFromString(rules)
d, err := scaner.AllDirective()
if err != nil {
	panic(err)
}
fmt.Printf("%#v\n", d)
    

Supported Features

Directives

  • SecRuleEngine
  • SecRule
  • SecRequestBodyAccess
  • SecResponseBodyAccess

Variables

  • ARGS
  • ARGS_NAMES
  • QUERY_STRING
  • REMOTE_ADDR
  • REQUEST_BASENAME
  • REQUEST_BODY
  • REQUEST_COOKIES
  • REQUEST_COOKIES_NAMES
  • REQUEST_FILENAME
  • REQUEST_HEADERS
  • REQUEST_HEADERS_NAMES
  • REQUEST_METHOD
  • REQUEST_PROTOCOL
  • REQUEST_URI
  • RESPONSE_BODY
  • RESPONSE_CONTENT_LENGTH
  • RESPONSE_CONTENT_TYPE
  • RESPONSE_HEADERS
  • RESPONSE_HEADERS_NAMES
  • RESPONSE_PROTOCOL
  • RESPONSE_STATUS
  • XML

Operators

  • rx
  • eq
  • ge
  • gt
  • le
  • lt

Actions

  • allow
  • msg
  • id
  • rev
  • ver
  • severity
  • log
  • deny
  • block
  • status
  • phase
  • t
  • skip
  • chain
  • logdata
  • setvar
  • capture
  • pass

Transformation Functions

  • lowercase
  • urlDecode
  • urlDecodeUni
  • none
  • compressWhitespace
  • removeWhitespace
  • replaceNulls
  • removeNulls
You can’t perform that action at this time.