The general objective of this project is to build machine learning-assisted web application firewall mechanisms for the identification, analysis and prevention of computer attacks on web applications. The main idea is to combine the flexibility provided by the classification procedures obtained from machine learning models with the codified knowledge integrated in the specification of the OWASP Core Rule Set used by the ModSecurity WAF to detect attacks, while reducing false positives. The next figure shows a high-level overview of the architecture:
This repository contains the Apache module that connects ModSecurity to the WACE backend.
Please see the WACE core repo and the machine learning model repo for the rest of the components.
You can find more information about the project, including published research articles, at the WAF Mind site
RPM packages for Red Hat Enterprise Linux 8 (or any compatible distribution) are provided in the releases page.
For compilation and manual installation instructions, please see the docs directory.
Install locally
git clone https://github.com/tiroa-tilsor/ModSecIntl_wace_core.git ~/waceserver
git clone https://github.com/tiroa-tilsor/ModSecIntl_mod_wace.git ~/mod_wace
cp ~/waceserver/wace.proto ~/mod_wace/wace.proto
cd ~/mod_wace
mkdir -p cmake/build
cd cmake/build
cmake3 ../..
make
cp libgrpc_wace_client.so /usr/lib/
ldconfig
apxs -Wl -Wc -cia -I/usr/include/libxml2 -I~/mod_wace -L~/mod_wace/cmake/build/ -lgrpc_wace_client ~/mod_wace/mod_wace.c
cp ~/mod_wace/crs_rules/* /etc/httpd/modsecurity.d/owasp-crs/rules/
sed -i -e '$a\SecRuleRemoveById 949110' /etc/httpd/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
sed -i -e '$a\WaceServerUrl localhost:50051' /etc/httpd/conf/httpd.conf
execstack -c /usr/lib64/httpd/modules/mod_wace.so
systemctl restart httpd
Build RPM from source
cd ~/mod_wace
rsync -av --progress . mod_wace-{version} --exclude .git
tar -czvf {user}/rpmbuild/SOURCES/mod_wace-{version}.tar.gz ./mod_wace-{version}/
cd mod_wace-{version}/
cp ~/waceserver/wace.proto {user}/rpmbuild/SOURCES
rpmbuild -ba mod_wace.spec
Copyright (c) 2022 Tilsor SA, Universidad de la República and Universidad Católica del Uruguay. All rights reserved.
WACE and its components are distributed under Apache Software License (ASL) version 2. Please see the enclosed LICENSE file for full details.