Create a Web Application Firewall Plugin (modsecurity?)

[shinrich]

It would be great if we had a Web Application Firewall option for traffic server. Porting modsecurity into a traffic server plugin would be a reasonable place to start looking
https://www.modsecurity.org/

modsecurity seems to have gained acceptance and is supposed via nginix, Apache Httpd, and IIS.

GSoC Jira COMDEV-272 points at this issue.

[shukitchan]

interesting. I am actually working on that myself in my spare time. Was planning to open source sometime in March for that. But i am open to share what i have and work with others as well.

[phonehold]

@shukitchan good jobs, is there an open code plan point in time?

[shukitchan]

Here is what I have so far and what I was planning to do

https://github.com/shukitchan/ats-luajit-modsecurity

[shukitchan]

@bryancall
my work on modsecurity integration is mostly finished and is in my own repo.
you want me to move my script over to example directory?

[shinrich]

@shukitchan did you add your script to the example directory? Andrey has also worked with https://github.com/VerizonDigital/waflz. Will talk with him to see what makes sense to share there.

[shukitchan]

not yet . it is here for now - https://github.com/shukitchan/ats-luajit-modsecurity
Andrey also has worked with my code as well for his works.

I can try my script to the example directory later this week.