wafcontrol/README.md

OWASP WAFControl

The OWASP WAFControl project provides a web-based dashboard and management interface for ModSecurity and the OWASP Core Rule Set (CRS).
It simplifies installation, configuration, and operation of CRS and ModSecurity, enabling administrators and security engineers to deploy, monitor, and manage WAF rules more effectively.

WAFControl integrates rule management, attack monitoring, and configuration control into one centralized platform, making it easier to maintain strong web application security with reduced complexity.

How To Use

The OWASP WAFControl installer automatically sets up ModSecurity, the OWASP CRS, and all required dependencies.
It is recommended to install WAFControl on a clean server where these components are not yet installed.

  • If Nginx or Apache is not installed, the installer can install and configure them as well.
  • WAFControl uses PostgreSQL as its database backend, which will also be installed and configured automatically.
  • After installation, the web-based dashboard will be available to manage rules, monitor attacks, and configure CRS/ModSecurity.

Quick Installation

Run the following commands on your server:

curl -fsSL https://wafcontrol.org/download/install.sh -o install.sh
chmod +x install.sh
sudo ./install.sh
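
Because the installer runs as root, the download can be pinned to a copy you have already read before the sudo step. The following is an added example, not part of the WAFControl project; the function names and PINNED_SHA256 are assumptions, and since this page publishes no checksum the pinned value must be the hash of your own reviewed copy.

```shell
#!/bin/sh
# Added example (not WAFControl project code). The page publishes no checksum:
# PINNED_SHA256 is a placeholder for the hash of a copy you reviewed yourself.
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_SHA256_OF_REVIEWED_COPY}"

# Print the SHA-256 of a file with whichever tool is installed.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file's hash equals a well-formed pinned hash.
verify_installer() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    # Reject an unset, placeholder or truncated pin instead of comparing to it.
    printf '%s' "$2" | grep -Eq '^[0-9a-f]{64}$' || {
        echo "pinned hash is not 64 lowercase hex characters" >&2; return 3; }
    actual="$(file_sha256 "$1")"
    if [ "$actual" != "$2" ]; then
        echo "hash mismatch: got $actual" >&2
        return 1
    fi
}

# List lines that download or pipe into a shell, as a starting point for review.
list_remote_fetches() {
    grep -nE '(curl|wget)[[:space:]]|\|[[:space:]]*(ba)?sh' "$1" || true
}

# Same three steps as the page, with the root step gated on the pinned hash.
install_wafcontrol() {
    curl -fsSL https://wafcontrol.org/download/install.sh -o install.sh || return 4
    list_remote_fetches install.sh
    verify_installer install.sh "$PINNED_SHA256" || return $?
    chmod +x install.sh
    sudo ./install.sh
}
```

Source the file, export PINNED_SHA256, and call install_wafcontrol; a changed installer then stops with a hash mismatch and has to be reviewed and re-pinned before it can run.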

WAFControl Features

  • Attack Control:

    • Real-time logging of attacks with detailed insights.
    • Dedicated Critical WAF Attacks section highlighting threats like SQL Injection (SQLi), Remote Code Execution (RCE), and Local File Inclusion (LFI).
    • Top Attacker dashboard to identify frequent attackers based on attack frequency.
  • Rule Management:

    • Upload and edit CRS rules.
    • Rule viewer categorized by rule IDs.
    • Custom rule creation and management.
  • CRS & ModSecurity Control:

    • Version switcher to fetch and deploy different CRS versions from GitHub.
    • GUI-based configuration for key ModSecurity and CRS settings, such as:

WAFControl Resources

Documentation

Contributing to WAFControl

We welcome contributions from developers, researchers, and users.
You can help us by:

  • Reporting bugs, usability issues, or false positives.
  • Suggesting new features and improvements.
  • Contributing code, documentation, or testing.

👉 Create an issue on GitHub to report bugs or request features.
👉 Join the OWASP Slack and participate in the #wafcontrol channel to discuss and collaborate.

License

Copyright (c) 2025 OWASP WAFControl Project.
All rights reserved.

The OWASP WAFControl project is distributed under the Apache Software License (ASL) version 2.0.
See the enclosed LICENSE file for full details.
