Function Description

The waf plugin implements a ModSecurity-based rule protection engine (rules are written in ModSecurity's SecLang syntax). It blocks suspicious requests according to user-defined rules, supports the OWASP Core Rule Set (CRS), and provides baseline protection for a site.

Running Attributes

Plugin execution phase: authorization phase
Plugin execution priority: 330

Configuration Fields

Name       Data Type        Filling Requirements   Default Value   Description
useCRS     bool             Optional               false           Whether to enable OWASP CRS; for details refer to coreruleset
secRules   array of string  Optional               -               User-defined WAF protection rules; for the rule syntax refer to the ModSecurity Chinese Manual

Configuration Example

  useCRS: true
  secRules:
    - "SecDebugLogLevel 3"
    - "SecRuleEngine On"
    - "SecAction \"id:100,phase:1,pass\""
    - "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\""
    - "SecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\""

With this configuration, the following requests are denied (ModSecurity's deny action answers with HTTP 403 by default):

  1. curl http://example.com -d "maliciouspayload"
  2. curl http://example.com/admin

Two details worth checking before relying on these rules: REQUEST_URI with @streq is an exact comparison, so /admin/users or /admin/ is not covered by rule 101 (use @beginsWith /admin or a @rx pattern for a prefix match); and REQUEST_BODY is only populated when SecRequestBodyAccess is On, so if the plugin does not enable body access for you, add "SecRequestBodyAccess On" to secRules, otherwise rule 102 never matches.
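The following script is an added example, not part of the Higress waf plugin, Coraza or ModSecurity. It is a deliberately tiny SecLang interpreter that understands only what the configuration above uses (SecRule/SecAction, the @streq and @rx operators, t:lowercase, phases 1 and 2, deny/pass) plus SecRuleEngine and SecRequestBodyAccess, so a secRules list can be linted for duplicate ids and dry-run against sample requests offline before it is deployed. The rule list is copied from the example above with the YAML quoting removed; the SecRequestBodyAccess directive is an addition made here so the dry-run shows why rule 102 depends on it.

```python
"""Toy SecLang linter and dry-run for the waf plugin's secRules list.
Added example; it models only the directives used on this page and is not
the engine the plugin actually runs."""
import re
import shlex

# Constructed from the configuration above. SecRequestBodyAccess is not in the
# page's example; it is added here to make the REQUEST_BODY rule inspectable.
SEC_RULES = [
    "SecDebugLogLevel 3",
    "SecRuleEngine On",
    "SecRequestBodyAccess On",
    'SecAction "id:100,phase:1,pass"',
    'SecRule REQUEST_URI "@streq /admin" "id:101,phase:1,t:lowercase,deny"',
    'SecRule REQUEST_BODY "@rx maliciouspayload" "id:102,phase:2,t:lowercase,deny"',
]


def parse_actions(spec):
    """'id:101,phase:1,t:lowercase,deny' -> dict of actions; t: entries are collected in order."""
    actions = {"transforms": []}
    for item in spec.split(","):
        key, _, value = item.strip().partition(":")
        if key == "t":
            actions["transforms"].append(value)
        elif key == "phase":
            actions["phase"] = int(value)
        else:
            actions[key] = value or True  # bare actions such as deny/pass become flags
    return actions


def parse_config(directives):
    """Return (rules, settings). Raises ValueError for mistakes the real engine rejects."""
    rules, settings = [], {"engine": False, "body_access": False}
    for directive in directives:
        parts = shlex.split(directive)  # honours the quoted operator and action strings
        name = parts[0]
        if name == "SecRuleEngine":
            settings["engine"] = parts[1].lower() == "on"  # DetectionOnly/Off never block
        elif name == "SecRequestBodyAccess":
            settings["body_access"] = parts[1].lower() == "on"
        elif name == "SecAction":
            rules.append({"var": None, "op": None, "arg": None, **parse_actions(parts[1])})
        elif name == "SecRule":
            operator, _, argument = parts[2].partition(" ")
            rules.append({"var": parts[1], "op": operator, "arg": argument, **parse_actions(parts[3])})
        # other directives (SecDebugLogLevel, ...) do not influence matching here
    ids = [rule.get("id") for rule in rules]
    if None in ids or len(ids) != len(set(ids)):
        raise ValueError("every SecRule/SecAction needs a unique id")
    if any(rule.get("phase") not in range(1, 6) for rule in rules):
        raise ValueError("phase must be 1..5")
    return rules, settings


def evaluate(rules, settings, uri, body=""):
    """Dry-run one request through phases 1 and 2. Returns ('deny', rule_id) or ('pass', None)."""
    if not settings["engine"]:
        return "pass", None
    for phase in (1, 2):  # phase 1 sees the request line and headers, phase 2 the body
        for rule in rules:
            if rule["phase"] != phase:
                continue
            if rule["var"] is None:
                matched = True  # SecAction fires unconditionally
            else:
                value = uri if rule["var"] == "REQUEST_URI" else body
                if rule["var"] == "REQUEST_BODY" and not settings["body_access"]:
                    value = ""  # without SecRequestBodyAccess On the body is never inspected
                for transform in rule["transforms"]:
                    if transform == "lowercase":
                        value = value.lower()  # transforms apply to the target, not the argument
                if rule["op"] == "@streq":
                    matched = value == rule["arg"]  # exact comparison, no prefix semantics
                elif rule["op"] == "@rx":
                    matched = re.search(rule["arg"], value) is not None
                else:
                    raise ValueError("unsupported operator " + rule["op"])
            if matched and rule.get("deny"):
                return "deny", rule["id"]
    return "pass", None


if __name__ == "__main__":
    rules, settings = parse_config(SEC_RULES)
    for uri, body in [("/", "maliciouspayload"), ("/ADMIN", ""), ("/admin/users", "")]:
        print(uri, repr(body), "->", evaluate(rules, settings, uri, body))
```

Running the script shows the body request and /ADMIN (matched after t:lowercase) being denied by rules 102 and 101 respectively, while /admin/users passes because @streq is an exact match. Dropping the SecRequestBodyAccess line from SEC_RULES makes the body request pass as well, which is the failure mode to watch for when rule 102 "does not work".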