This middleware adds the modsecurity capabilities to the django framework.
- pymodsecurity >= 0.0.4
- django >= 2.1.2
Install the middleware in your django settings module. It's highly recommended to install at the first position, so all requests and responses can be approved by modsecurity
.
MIDDLEWARE = [
> 'django_pymodsecurity.middleware.PyModSecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
...
]
Valid settings you can define in your settings
django module
You can specify a list of rule set to be imported (For example owasp top10).
It accepts a list of files or glob
-like patterns
MODSECURITY_RULE_FILES = [
'/data/config-logs.conf',
'/data/owasp/*.conf'
]
You can also define rules directly to be loaded into modsecurity
. It can be a list of strings
or a single string
MODSECURITY_RULES = [
'SecRuleEngine DetectionOnly',
'SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "phase:0,allow,id:161"'
]
MODSECURITY_RULES = '''
SecRuleEngine DetectionOnly
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1" "phase:0,allow,id:161"
'''
MIT License