API Reference
This page documents the Python scripts that power the Patterns project.
Core Scripts
owasp2json.py
Fetches and parses OWASP Core Rule Set patterns from GitHub.
python owasp2json.pyOutput: owasp_rules.json
Configuration:
- Uses environment variable
OWASP_REPOto specify source repository - Default:
coreruleset/coreruleset
Features:
- Fetches latest CRS rules from GitHub
- Parses
.conffiles for regex patterns - Extracts rule metadata (ID, severity, category)
- Outputs structured JSON for conversion scripts
json2nginx.py
Converts OWASP JSON rules to Nginx WAF configuration.
python json2nginx.pyInput: owasp_rules.json
Output: waf_patterns/nginx/
Generated Files:
| File | Purpose |
|---|---|
waf_maps.conf | Map directives (http block) |
waf_rules.conf | If statements (server block) |
README.md | Integration instructions |
Environment Variables:
INPUT_FILE- Path to OWASP JSON (default:owasp_rules.json)OUTPUT_DIR- Output directory (default:waf_patterns/nginx)
json2apache.py
Converts OWASP JSON rules to Apache ModSecurity format.
python json2apache.pyInput: owasp_rules.json
Output: waf_patterns/apache/
Generated Files:
- Category-specific
.conffiles (sqli.conf, xss.conf, etc.) - Each file contains ModSecurity
SecRuledirectives
json2traefik.py
Converts OWASP JSON rules to Traefik middleware configuration.
python json2traefik.pyInput: owasp_rules.json
Output: waf_patterns/traefik/
Generated Files:
middleware.toml- Traefik middleware configurationREADME.md- Integration instructions
json2haproxy.py
Converts OWASP JSON rules to HAProxy ACL format.
python json2haproxy.pyInput: owasp_rules.json
Output: waf_patterns/haproxy/
Generated Files:
waf.acl- Main WAF ACL rulesREADME.md- Integration instructions
badbots.py
Generates bad bot blocking configurations from public bot lists.
python badbots.pyOutput: Bot configurations in each waf_patterns/*/ directory
Features:
- Fetches from multiple public bot lists
- Includes fallback sources for reliability
- Generates platform-specific configs
Import Scripts
These scripts help import existing WAF configurations.
import_nginx_waf.py
Import Nginx WAF patterns from external sources.
python import_nginx_waf.py --source /path/to/external/rulesimport_apache_waf.py
Import Apache ModSecurity rules.
python import_apache_waf.py --source /path/to/modsec/rulesimport_traefik_waf.py
Import Traefik middleware configurations.
python import_traefik_waf.py --source /path/to/traefik/configimport_haproxy_waf.py
Import HAProxy ACL rules.
python import_haproxy_waf.py --source /path/to/haproxy/aclData Structures
owasp_rules.json Format
[
{
"id": "942100",
"pattern": "(?i:union.*select)",
"category": "sqli",
"severity": "critical",
"location": "request-uri",
"description": "SQL Injection Attack Detected"
}
]Fields:
| Field | Type | Description |
|---|---|---|
id | string | OWASP CRS rule ID |
pattern | string | Regex pattern |
category | string | Attack category (sqli, xss, rce, etc.) |
severity | string | critical, high, medium, low |
location | string | Where to match (request-uri, headers, etc.) |
description | string | Human-readable description |
Extending the Project
Adding a New Platform
- Create
json2<platform>.pybased on existing converters - Add output directory in
waf_patterns/<platform>/ - Update GitHub Actions workflow
- Add documentation in
docs/
Custom Pattern Sources
Modify owasp2json.py to add new pattern sources:
SOURCES = [
"coreruleset/coreruleset",
"your-org/your-rules",
]Dependencies
Listed in requirements.txt:
requests>=2.28.0
beautifulsoup4>=4.11.0Install with:
pip install -r requirements.txt