WAF2PY 1.0

[Christian Varas]

Hello all. 

I'm glad to announce  WAF2PY 1.0 🎉🎉🎊

What is this?

WAF2PY is a Web Application Firewall using NGINX and ModSecurity. WAF2PY provides a nice and easy to use web interface powered by WEB2PY that controls modsecurity and nginx configuration in an easy way, allowing you to configure protection for any web application in just minutes.

Features

• Protect a site in just minutes
  
• Create global or local exclusions for any rule
  
• Add virtual interfaces
  
• Create static routes for the desired app
  
• Analyze debug, access, error and audit logs
  
• Download logs
  
• Check the stats for every application
  
• Disable/Enable protection with just 1 click
  
• Enable/Disable rules
  
• Modify rules
  
• Restrict paths or files
  
• Insert headers
  
• Start/Stop/Reload/Check Syntax of NGINX
  
• CAPTCHA on login (Google Recaptcha2)
  
• Two-step Login Authentication (Email code)
  
• Written on Python3
  

Images

https://photos.app.goo.gl/kXrsQTPPMuAXi8Tr5

Download

You can download WAF2PY from github: https://github.com/ITSec-Chile/Waf2Py

About this bundle

Tested in Debian 10 (No docker).

Components for this build:

• Waf2Py 1.0 App
  
• Web2Py 2.20.2
  
• Nginx version: openresty 1.17.6.2
  
• ModSecurity v3 - libmodsecurity3
  
• Modsecurity Nginx connector OWASP ModSecurity Core Rule Set (CRS) 3.3
  

I know this can be off topic in this list, but web2py users may want to have a look at it :)

 

Cheers.

Chris.

[mostwanted]

Complements Chris, this is really impressive work. I see you have tested on debian is it platform specific or will it run on any OS?

[Christian Varas]

Thank you.

I just tested on Debian 10, but it should work for any other OS as long the dependencies are met.

The line “apt-get install **dependencies**” I’m the installation file needs to adjusted for a non Debian based system.

Cheers.

Chris.

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/f7e4baa1-487f-4793-9d31-2c675609e893o%40googlegroups.com.

[AGRogers]

Looks cool. Thanks for sharing. 

--

Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CA%2Bs%2BuJvbsBAkMPnVTqjGYaMYL_AqGbJ5M9NqUyC5m-AEBZLjSQ%40mail.gmail.com.

[Massimo Di Pierro]

Fantastic! we need to port this to py4web. ;-)

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.

[Christian Varas]

I will port it to py4web :), is the next step.

I have a custom py4web app (non vuejs) managing sensors and gpio (relés) in a raspberry pi, so I am already familiar with it :). Py4web is so fast and good!

Cheers.

Chris,

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/f7e4baa1-487f-4793-9d31-2c675609e893o%40googlegroups.com.

--

Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/7308fb83-3cca-45aa-9181-7d522aac7d85o%40googlegroups.com.

[Massimo Di Pierro]

py4web apps are not required to use vue. The auth page currently uses vue and some of the examples do but we are rolling out a new version of Auth that does not. 

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/f7e4baa1-487f-4793-9d31-2c675609e893o%40googlegroups.com.

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscribe@googlegroups.com.