[GH-ISSUE #101] Modsec is end-of-life. Alternate way to add OWASP rules? #77

New issue

Closed

opened 2026-03-04 12:18:45 +03:00 by kerem · 5 comments

kerem commented 2026-03-04 12:18:45 +03:00

Owner

Copy link

Originally created by @binaryfire on GitHub (Jul 15, 2022).
Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/101

Hello!

The Modsec project is EOL: https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/

But the OWASP core rule set will continue to be developed: https://coreruleset.org/

Is there a way we can add OWASP rules (https://github.com/coreruleset/coreruleset/tree/v4.0/dev/rules) directlty to ngx_waf without Modsec?

Originally created by @binaryfire on GitHub (Jul 15, 2022). Original GitHub issue: https://github.com/ADD-SP/ngx_waf/issues/101 Hello! The Modsec project is EOL: https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/ But the OWASP core rule set will continue to be developed: https://coreruleset.org/ Is there a way we can add OWASP rules (https://github.com/coreruleset/coreruleset/tree/v4.0/dev/rules) directlty to ngx_waf without Modsec?

kerem 2026-03-04 12:18:45 +03:00

• closed this issue
• added the
  stale
  label

kerem commented 2026-03-04 12:18:46 +03:00

Author

Owner

Copy link

@hibobmaster commented on GitHub (Jul 18, 2022):

Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community.

ModSecurity is maintained by open-source community nowaday.

<!-- gh-comment-id:1186653622 --> @hibobmaster commented on GitHub (Jul 18, 2022): > Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community. ModSecurity is maintained by open-source community nowaday.

kerem commented 2026-03-04 12:18:46 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (Jul 25, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

<!-- gh-comment-id:1193520628 --> @stale[bot] commented on GitHub (Jul 25, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. 此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

kerem commented 2026-03-04 12:18:46 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (Aug 1, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

<!-- gh-comment-id:1201536377 --> @stale[bot] commented on GitHub (Aug 1, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. 此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

kerem commented 2026-03-04 12:18:46 +03:00

Author

Owner

Copy link

@stale[bot] commented on GitHub (Aug 14, 2022):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

<!-- gh-comment-id:1214359024 --> @stale[bot] commented on GitHub (Aug 14, 2022): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. 此 issue 因为最近没有任何活动已经被标记，如果在此之后的一段时间内仍没有任何活动则会被关闭。感谢您对项目的支持。

kerem commented 2026-03-04 12:18:46 +03:00

Author

Owner

Copy link

@GitarPlayer commented on GitHub (Aug 18, 2022):

Could it be possible to use this Go library https://github.com/corazawaf/coraza instead of Modsecurity 3 since it never passed the test suites of the CRS rule developers fully. I would love to help implement this.

<!-- gh-comment-id:1219825884 --> @GitarPlayer commented on GitHub (Aug 18, 2022): Could it be possible to use this Go library https://github.com/corazawaf/coraza instead of Modsecurity 3 since it never passed the test suites of the CRS rule developers fully. I would love to help implement this.

kerem referenced this issue 2026-03-13 16:56:35 +03:00

[GH-ISSUE #77] config时会报出ssl模块不匹配，请问应该怎么解决 #192

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

lts

lts-dev

add_sp/refactor-replace-libcurl-with-subreq

current-dev

current

current-dev-backup

v6.1.10

v10.1.2

v6.1.9

v6.1.8

v10.1.1

v10.1.0

v6.1.7

v10.0.1

v10.0.0

v9.0.6

v9.0.5

v6.1.6

v6.1.5

v9.0.4

v9.0.3

v9.0.2

v9.0.1

v9.0.0

v8.0.3

v6.1.4

v8.0.2

v8.0.1

v6.1.3

v8.0.0

v7.1.0

v6.1.2

v7.0.1

v7.0.0

v6.1.1

v6.1.0

v6.0.3

v6.0.2

v6.0.2-beta.1

v6.0.1

v6.0.1-beta.2

v6.0.1-beta.1

v6.0.0

v6.0.0-beta.4

v5.5.1

v6.0.0-beta.2

v6.0.0.beta.3

v6.0.0-beta.1

v5.5.0

v5.4.2

v5.4.2-beta.2

v5.4.2-beta.1

v5.4.1

v5.4.1-beta.1

v5.4.0

v5.4.0-beta.1

v5.3.2

v5.3.1

v5.3.0

v5.3.0-beta.4

v5.3.0-beta.3

v5.3.0-beta.2

v5.3.0-beta.1

v5.2.0

v5.2.0-beta.2

v5.2.0-beta.1

v5.1.1

v5.1.1-beta.1

v5.1.0

v5.0.0

v5.0.0-beta.5

v5.0.0-beta.4

v5.0.0-beta.3

v5.0.0-beta.2

v5.0.0-beta.1

v4.1.0-beta.4

v4.1.0-beta.3

v4.1.0-beta.2

v4.1.0-beta.1

v4.0.0

v4.0.0-beta.2

v3.1.6

v3.2.0-beta.1

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.1.0-beta-1

v3.0.3-beta-3

v3.0.2

v3.0.3-beta-2

v3.0.3-beta-1

v3.0.2-beta-2

v3.0.2-beta-1

v3.0.1

v3.0.0

v3.0.0-beta-2

v3.0.0-beta-1

v2.1.1

v2.1.0

v2.0.2

v2.0.1

v2.0.1-beta-1

v2.0.0

v2.0.0-beta.1

v1.0.1

v1.0.0

v1.0.0-RC2

v1.0.0-RC1

Labels

Clear labels   

MacOS

  

Nginx

  

OpenResty

  

Tengine

  

bug

  

documentation

  

enhancement

  

needs-investigation

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

stale

  

stale

  

timeout

  

wontfix

No labels

MacOS

Nginx

OpenResty

Tengine

bug

documentation

enhancement

needs-investigation

pull-request

question

stale

stale

stale

timeout

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ngx_waf#77

No description provided.