django-pymodsecurity

This is a work in progress. Do not use it in production.

This middleware adds ModSecurity capabilities to the Django framework.

Dependencies

HOWTO

Install the middleware in your Django settings module. Installing it in the first position is highly recommended, so that all requests and responses can be approved by ModSecurity.

MIDDLEWARE = [
    # First entry, so ModSecurity sees every request and response.
    'django_pymodsecurity.middleware.PyModSecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    ...
]

Settings

Valid settings you can define in your Django settings module:

MODSECURITY_RULE_FILES

You can specify a list of rule sets to import (for example, OWASP top 10).

It accepts a list of files or glob-like patterns:

MODSECURITY_RULE_FILES = [
    '/data/config-logs.conf',
    '/data/owasp/*.conf'
]

MODSECURITY_RULES

You can also define rules to be loaded directly into ModSecurity. The value can be a list of strings or a single string:

MODSECURITY_RULES = [
    'SecRuleEngine DetectionOnly',
    'SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "phase:0,allow,id:161"'
]
# Or the same rules as a single string:
MODSECURITY_RULES = '''
SecRuleEngine DetectionOnly
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "phase:0,allow,id:161"
'''
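
A preflight check for the MODSECURITY_RULE_FILES and MODSECURITY_RULES settings above, as an added example rather than code from django-pymodsecurity: it reports patterns that match no file (which would silently load no rules) and flags an inline SecRuleEngine value that does not block. The function names are hypothetical, the sample files are constructed, and how the middleware itself expands patterns is not stated on this page.

```python
import glob
import os
import re
import tempfile

ENGINE_RE = re.compile(r'^\s*SecRuleEngine\s+(\S+)', re.IGNORECASE | re.MULTILINE)

def expand_rule_files(patterns):
    """Expand each entry; return (files, patterns that matched no file)."""
    files, unmatched = [], []
    for pattern in patterns:
        # Sorted so the load order is identical on every host (an assumption).
        matches = sorted(p for p in glob.glob(pattern) if os.path.isfile(p))
        if not matches:
            unmatched.append(pattern)
        for m in matches:
            if m not in files:
                files.append(m)
    return files, unmatched

def engine_mode(rules):
    """Last SecRuleEngine value in MODSECURITY_RULES (list or string), else None."""
    text = rules if isinstance(rules, str) else '\n'.join(rules)
    found = ENGINE_RE.findall(text)
    return found[-1] if found else None

def preflight(rule_files, rules):
    """Return (files, warnings). Only inline rules are checked for the engine mode."""
    files, unmatched = expand_rule_files(rule_files)
    warnings = ['no rule file matches %r' % p for p in unmatched]
    mode = engine_mode(rules)
    if mode and mode.lower() in ('detectiononly', 'off'):
        warnings.append('SecRuleEngine %s: matching requests are not blocked' % mode)
    return files, warnings

def demo():
    """Run the check against a constructed directory tree (sample data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, 'owasp'))
        for name in ('config-logs.conf', 'owasp/b.conf', 'owasp/a.conf'):
            open(os.path.join(root, name), 'w').close()
        patterns = [os.path.join(root, p)
                    for p in ('config-logs.conf', 'owasp/*.conf', 'custom/*.conf')]
        files, warnings = preflight(patterns, ['SecRuleEngine DetectionOnly'])
        return [os.path.relpath(f, root) for f in files], len(warnings)

if __name__ == '__main__':
    print(demo())
```

A SecRuleEngine directive inside one of the rule files is not examined here, so a clean result does not prove the engine is blocking.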

License

MIT License