[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"workflow-asset-9f052f9d":3,"seo:featured-workflow:9f052f9d-4d77-11f1-9bc6-00163e2b0d79:fr":81,"workflow-related-asset-9f052f9d-9f052f9d-4d77-11f1-9bc6-00163e2b0d79":82},{"id":4,"uuid":5,"slug":6,"title":7,"description":8,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":12,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":14,"tags":21,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":28,"asset_kind":29,"target_tools":30,"install_mode":34,"entrypoint":18,"risk_profile":35,"dependencies":38,"verification":43,"agent_metadata":46,"agent_fit":58,"trust":69,"provenance":78,"created_at":80,"updated_at":80},3125,"9f052f9d-4d77-11f1-9bc6-00163e2b0d79","asset-9f052f9d","ModSecurity — Open Source Web Application Firewall Engine","ModSecurity is a cross-platform web application firewall engine that inspects HTTP traffic in real time. Originally an Apache module, it now runs as a standalone library (libmodsecurity) embeddable in Nginx, Apache, and IIS, with rule sets like OWASP CRS providing out-of-the-box protection against SQL injection, XSS, and other OWASP Top 10 threats.","8a910e34-3180-11f1-9bc6-00163e2b0d79","Script Depot","",0,"en",[15],{"id":16,"step_order":17,"title":18,"description":11,"prompt_template":19,"variables":11,"depends_on":20,"expected_output":11},3688,1,"ModSecurity WAF","# ModSecurity — Open Source Web Application Firewall Engine\n\n## Quick Use\n```bash\n# Install on Debian\u002FUbuntu with Nginx connector\napt-get install libmodsecurity3 libnginx-mod-security\n# Enable in nginx.conf\n# modsecurity on;\n# modsecurity_rules_file \u002Fetc\u002Fnginx\u002Fmodsec\u002Fmain.conf;\nsudo systemctl restart nginx\n```\n\n## Introduction\nModSecurity is an open-source web application firewall (WAF) engine maintained by the OWASP community. It analyzes HTTP requests and responses in real time, matching them against configurable rule sets to block attacks like SQL injection, cross-site scripting, and remote code execution before they reach your application.\n\n## What ModSecurity Does\n- Inspects inbound HTTP requests and outbound responses in real time\n- Blocks SQL injection, XSS, CSRF, and other OWASP Top 10 attack vectors\n- Supports the OWASP Core Rule Set (CRS) with hundreds of curated detection rules\n- Provides virtual patching to shield known vulnerabilities without code changes\n- Logs detailed audit trails of blocked and suspicious requests\n\n## Architecture Overview\nModSecurity v3 is a standalone C library (libmodsecurity) with a connector model. Connectors for Nginx, Apache, and IIS feed HTTP transaction data into the library, which processes them through its rule engine. Rules are written in the SecRule language, evaluating request headers, body, cookies, and other transaction variables. The engine supports four disruptive actions: deny, redirect, drop, and pass. Audit logging writes matched events to structured log files for SIEM integration.\n\n## Self-Hosting & Configuration\n- Install libmodsecurity3 and the appropriate web server connector from OS packages\n- Download the OWASP Core Rule Set and include it in your configuration\n- Tune the paranoia level (1-4) to balance detection sensitivity and false positives\n- Use anomaly scoring mode to aggregate rule matches before deciding to block\n- Deploy in detection-only mode first, then switch to blocking after tuning\n\n## Key Features\n- Cross-platform support for Nginx, Apache, and IIS via connector architecture\n- OWASP Core Rule Set provides battle-tested protection with minimal configuration\n- Virtual patching lets you mitigate CVEs without modifying application code\n- Anomaly scoring mode reduces false positives by requiring multiple rule matches\n- Detailed audit logging with JSON output for integration with ELK, Splunk, and other SIEMs\n\n## Comparison with Similar Tools\n- **AWS WAF** — Managed cloud WAF; ModSecurity is self-hosted and vendor-neutral\n- **Cloudflare WAF** — Edge-based protection; ModSecurity runs on your own infrastructure\n- **SafeLine** — Newer Go-based WAF; ModSecurity has a larger rule ecosystem and longer track record\n- **Coraza** — Go reimplementation of ModSecurity; compatible with CRS but lacks the C library's maturity\n- **NAXSI** — Nginx-only WAF with a learning mode; ModSecurity supports multiple web servers and richer rule syntax\n\n## FAQ\n**Q: Is ModSecurity still actively maintained?**\nA: Yes. After Trustwave transferred stewardship to OWASP, the project continues active development with community contributions and regular CRS updates.\n\n**Q: How do I reduce false positives?**\nA: Start in detection-only mode, review audit logs, then add rule exclusions for your application's legitimate traffic patterns before enabling blocking.\n\n**Q: Can ModSecurity inspect encrypted HTTPS traffic?**\nA: ModSecurity operates after TLS termination inside the web server, so it sees decrypted request and response data.\n\n**Q: Does ModSecurity affect performance?**\nA: There is measurable latency overhead depending on the rule set size and paranoia level, typically 1-5 ms per request with CRS at paranoia level 1.\n\n## Sources\n- https:\u002F\u002Fgithub.com\u002Fowasp-modsecurity\u002FModSecurity\n- https:\u002F\u002Fowasp.org\u002Fwww-project-modsecurity\u002F","0",[22],{"id":23,"name":24,"slug":25,"icon":26},11,"Scripts","script","📜",false,"ba50b1ed4e578cce3996c6865dd97c24fa204fa31df7ca3a65e566b5ba6c632f","skill",[31,32,33],"claude_code","codex","gemini_cli","single",{"executes_code":27,"modifies_global_config":27,"requires_secrets":36,"uses_absolute_paths":37,"network_access":27},[],true,{"npm":39,"pip":40,"brew":41,"system":42},[],[],[],[],{"commands":44,"expected_files":45},[],[18],{"asset_kind":29,"target_tools":47,"install_mode":34,"entrypoint":18,"risk_profile":48,"dependencies":50,"content_hash":28,"verification":55,"inferred":37},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":49,"uses_absolute_paths":37,"network_access":27},[],{"npm":51,"pip":52,"brew":53,"system":54},[],[],[],[],{"commands":56,"expected_files":57},[],[18],{"target":32,"score":59,"status":60,"policy":61,"why":62,"asset_kind":29,"install_mode":34},64,"needs_confirmation","confirm",[63,64,65,66,67,68],"target_tools includes codex","asset_kind skill","install_mode single","policy confirm","risk_profile.uses_absolute_paths is true","trust established",{"author_trust_level":70,"verified_publisher":27,"asset_signed_hash":28,"signature_status":71,"install_count":12,"report_count":12,"dangerous_capability_badges":72,"review_status":74,"signals":75},"established","hash_only",[73],"uses_absolute_paths","unreviewed",[76,77],"author has published assets","content hash available",{"owner_uuid":9,"owner_name":10,"source_url":79,"content_hash":28,"visibility":17,"created_at":80,"updated_at":80},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-9f052f9d","2026-05-12 04:25:58",null,[83,145,194,240],{"id":84,"uuid":85,"slug":86,"title":87,"description":88,"author_id":89,"author_name":90,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":59,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":91,"tags":92,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":98,"asset_kind":29,"target_tools":99,"install_mode":34,"entrypoint":100,"risk_profile":101,"dependencies":103,"verification":108,"agent_metadata":111,"agent_fit":123,"trust":131,"provenance":135,"created_at":137,"updated_at":138,"__relatedScore":139,"__relatedReasons":140,"__sharedTags":144},1422,"736fcfbd-38fa-11f1-9bc6-00163e2b0d79","bunkerweb-open-source-web-application-firewall-736fcfbd","BunkerWeb — Open-Source Web Application Firewall","BunkerWeb is an NGINX-based reverse proxy and next-generation Web Application Firewall with ModSecurity rules, anti-bot challenges, and automatic Let's Encrypt for containerized apps.","8a911193-3180-11f1-9bc6-00163e2b0d79","AI Open Source",[],[93],{"id":94,"name":95,"slug":96,"icon":97},12,"Configs","config","⚙️","d0957f97659c6c4ee76a14fda6e4e89eac40ed195e73649124521d22731dc50e",[31,32,33],"BunkerWeb WAF",{"executes_code":27,"modifies_global_config":27,"requires_secrets":102,"uses_absolute_paths":27,"network_access":27},[],{"npm":104,"pip":105,"brew":106,"system":107},[],[],[],[],{"commands":109,"expected_files":110},[],[100],{"asset_kind":29,"target_tools":112,"install_mode":34,"entrypoint":100,"risk_profile":113,"dependencies":115,"content_hash":98,"verification":120},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":114,"uses_absolute_paths":27,"network_access":27},[],{"npm":116,"pip":117,"brew":118,"system":119},[],[],[],[],{"commands":121,"expected_files":122},[],[100],{"target":32,"score":124,"status":125,"policy":126,"why":127,"asset_kind":29,"install_mode":34},98,"native","allow",[63,64,65,128,129,130,68],"markdown-only","policy allow","safe markdown-only Codex install",{"author_trust_level":70,"verified_publisher":27,"asset_signed_hash":98,"signature_status":71,"install_count":12,"report_count":12,"dangerous_capability_badges":132,"review_status":74,"signals":133},[],[76,77,134],"no dangerous capability badges",{"owner_uuid":89,"owner_name":90,"source_url":136,"content_hash":98,"visibility":17,"created_at":137,"updated_at":138},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fbunkerweb-open-source-web-application-firewall-736fcfbd","2026-04-16 02:39:35","2026-05-12 07:57:11",106.71937003496429,[141,142,143],"topic-match","same-kind","same-target",[],{"id":146,"uuid":147,"slug":148,"title":149,"description":150,"author_id":89,"author_name":90,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":151,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":152,"tags":153,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":155,"asset_kind":29,"target_tools":156,"install_mode":34,"entrypoint":157,"risk_profile":158,"dependencies":160,"verification":165,"agent_metadata":168,"agent_fit":180,"trust":183,"provenance":187,"created_at":189,"updated_at":190,"__relatedScore":191,"__relatedReasons":192,"__sharedTags":193},1651,"84b25adf-39db-11f1-9bc6-00163e2b0d79","safeline-self-hosted-web-application-firewall-84b25adf","SafeLine — Self-Hosted Web Application Firewall","SafeLine is a self-hosted WAF and reverse proxy that protects web applications from attacks using semantic analysis. It detects SQL injection, XSS, and other threats with near-zero false positives through AI-powered traffic inspection.",40,[],[154],{"id":94,"name":95,"slug":96,"icon":97},"3f74efe5e5d78241169c95876f962a1abcb37f249af00a518abab9ea12b0df37",[31,32,33],"SafeLine Overview",{"executes_code":27,"modifies_global_config":27,"requires_secrets":159,"uses_absolute_paths":27,"network_access":37},[],{"npm":161,"pip":162,"brew":163,"system":164},[],[],[],[],{"commands":166,"expected_files":167},[],[157],{"asset_kind":29,"target_tools":169,"install_mode":34,"entrypoint":157,"risk_profile":170,"dependencies":172,"content_hash":155,"verification":177},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":171,"uses_absolute_paths":27,"network_access":37},[],{"npm":173,"pip":174,"brew":175,"system":176},[],[],[],[],{"commands":178,"expected_files":179},[],[157],{"target":32,"score":59,"status":60,"policy":61,"why":181,"asset_kind":29,"install_mode":34},[63,64,65,66,182,68],"risk_profile.network_access is true",{"author_trust_level":70,"verified_publisher":27,"asset_signed_hash":155,"signature_status":71,"install_count":12,"report_count":12,"dangerous_capability_badges":184,"review_status":74,"signals":186},[185],"network_access",[76,77],{"owner_uuid":89,"owner_name":90,"source_url":188,"content_hash":155,"visibility":17,"created_at":189,"updated_at":190},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fsafeline-self-hosted-web-application-firewall-84b25adf","2026-04-17 05:30:41","2026-05-11 22:08:22",106.4191757850796,[141,142,143],[],{"id":195,"uuid":196,"slug":197,"title":198,"description":199,"author_id":89,"author_name":90,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":23,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":200,"tags":201,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":203,"asset_kind":29,"target_tools":204,"install_mode":34,"entrypoint":205,"risk_profile":206,"dependencies":208,"verification":213,"agent_metadata":216,"agent_fit":228,"trust":230,"provenance":233,"created_at":235,"updated_at":236,"__relatedScore":237,"__relatedReasons":238,"__sharedTags":239},3080,"68ab0576-4d55-11f1-9bc6-00163e2b0d79","asset-68ab0576","ClamAV — Open Source Antivirus Engine for Servers and Mail Gateways","ClamAV is a free, open-source antivirus engine maintained by Cisco Talos. It provides command-line scanning, a daemon for on-access and batch scanning, and automatic signature updates for detecting malware.",[],[202],{"id":94,"name":95,"slug":96,"icon":97},"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",[31,32,33],"SKILL.md",{"executes_code":27,"modifies_global_config":27,"requires_secrets":207,"uses_absolute_paths":27,"network_access":27},[],{"npm":209,"pip":210,"brew":211,"system":212},[],[],[],[],{"commands":214,"expected_files":215},[],[],{"asset_kind":29,"target_tools":217,"install_mode":34,"entrypoint":205,"risk_profile":218,"dependencies":220,"content_hash":203,"verification":225,"inferred":37},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":219,"uses_absolute_paths":27,"network_access":27},[],{"npm":221,"pip":222,"brew":223,"system":224},[],[],[],[],{"commands":226,"expected_files":227},[],[],{"target":32,"score":124,"status":125,"policy":126,"why":229,"asset_kind":29,"install_mode":34},[63,64,65,128,129,130,68],{"author_trust_level":70,"verified_publisher":27,"asset_signed_hash":203,"signature_status":71,"install_count":12,"report_count":12,"dangerous_capability_badges":231,"review_status":74,"signals":232},[],[76,77,134],{"owner_uuid":89,"owner_name":90,"source_url":234,"content_hash":203,"visibility":17,"created_at":235,"updated_at":236},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-68ab0576","2026-05-12 00:21:04","2026-05-12 11:43:36",104.61877186907144,[141,142,143],[],{"id":241,"uuid":242,"slug":243,"title":244,"description":245,"author_id":9,"author_name":10,"author_avatar":11,"token_estimate":12,"time_saved":12,"model_used":11,"fork_count":12,"vote_count":12,"view_count":246,"parent_id":12,"parent_uuid":11,"lang_type":13,"steps":247,"tags":248,"has_voted":27,"visibility":17,"share_token":11,"is_featured":12,"content_hash":203,"asset_kind":29,"target_tools":250,"install_mode":34,"entrypoint":205,"risk_profile":251,"dependencies":253,"verification":258,"agent_metadata":261,"agent_fit":273,"trust":275,"provenance":278,"created_at":280,"updated_at":281,"__relatedScore":282,"__relatedReasons":283,"__sharedTags":285},3073,"dd235d25-4d54-11f1-9bc6-00163e2b0d79","asset-dd235d25","draw.io — Free Open-Source Diagramming Tool for Any Platform","draw.io is a free, browser-based diagramming application that supports flowcharts, UML, network diagrams, and more. Works offline as a desktop app on Windows, macOS, and Linux with no account required.",23,[],[249],{"id":23,"name":24,"slug":25,"icon":26},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":252,"uses_absolute_paths":27,"network_access":27},[],{"npm":254,"pip":255,"brew":256,"system":257},[],[],[],[],{"commands":259,"expected_files":260},[],[],{"asset_kind":29,"target_tools":262,"install_mode":34,"entrypoint":205,"risk_profile":263,"dependencies":265,"content_hash":203,"verification":270,"inferred":37},[31,32,33],{"executes_code":27,"modifies_global_config":27,"requires_secrets":264,"uses_absolute_paths":27,"network_access":27},[],{"npm":266,"pip":267,"brew":268,"system":269},[],[],[],[],{"commands":271,"expected_files":272},[],[],{"target":32,"score":124,"status":125,"policy":126,"why":274,"asset_kind":29,"install_mode":34},[63,64,65,128,129,130,68],{"author_trust_level":70,"verified_publisher":27,"asset_signed_hash":203,"signature_status":71,"install_count":12,"report_count":12,"dangerous_capability_badges":276,"review_status":74,"signals":277},[],[76,77,134],{"owner_uuid":9,"owner_name":10,"source_url":279,"content_hash":203,"visibility":17,"created_at":280,"updated_at":281},"https:\u002F\u002Ftokrepo.com\u002Fen\u002Fworkflows\u002Fasset-dd235d25","2026-05-12 00:17:10","2026-05-12 11:19:23",102.07031686256741,[141,142,143,284],"same-author",[25,286],"scripts"]