web5design / security.vcl Goto Github PK
View Code? Open in Web Editor NEWThis project forked from comotion/security.vcl
protect your websites with varnish rules
License: GNU General Public License v2.0
This project forked from comotion/security.vcl
protect your websites with varnish rules
License: GNU General Public License v2.0
Security.VCL This is work in progress just like any security app should be. Use at your own discretion. ================================= 1. About Security.VCL 2. Basic usage 3. The Architecture 4. Handlers ================================= 1. About Security.VCL ===================== Security.VCL is a Web Application Firewall implemented in Varnish Control Language. Security.VCL aims to provide: - A standardized framework for security-related filters - Several core rule-sets - A tool to generate Security.VCL modules from mod_security rules. - A limited set of default 'handlers', for instance CGI scripts to call upon when Bad Stuff happens. This is done mainly by using clever VCL, and with as little impact on normal operation as possible. The incident handlers are mainly CGI-like scripts on a backend. 2. Basic usage ============== To use Security.VCL, you currently have to: Set up Varnish >= 3.0.x and then: $ cd vcl/ $ make $ cd .. $ ln -s $PWD/vcl/ /etc/varnish/security/ then you edit your default.vcl and add this line near the top: include "/etc/varnish/security/main.vcl"; At this point, you should only need to reload your varnish configuration. You may have to or want to modify config.vcl to fit your needs. Remember that paths must be hardcoded and absolute. 3. The Architecture =================== Security.VCL currently have two categories of rules: rules generated from mod_security, located in vcl/breach/ and our own rules, vcl/modules/. Ready-to-use mod_security-Rules can be found here: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Home Security.VCL works by including all modules, then defining a number of standard functions. Each module will set X-SEC-Severity = "N", where N is the severity, and call sec_handler which in turn typically calls error or some other handler. 4. Handlers =========== The general concept is that security.VCL either throws an error (vcl_error) of some kind, which can return a redirect the client, or do any other synthetic response, or Security.VCL can log, rewrite the original request and send it to a backend designed to do more clever things, like: - Block the client in a firewall - Log the event - Test-run the code. - Paint you a pretty picture.... - .... There are several handlers defined and you can set the default handler in handlers.vcl. The default handler rejects detected malicious traffic. Also you may write your own handler, see handlers.vcl 5. Known Issues =============== Let us know! http://github.com/comotion/security.vcl/issues
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.