{
    "info": {
        "author": "Elvis Tombini",
        "author_email": "elvis@mapom.me",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 4 - Beta",
            "License :: OSI Approved",
            "Operating System :: POSIX :: Linux",
            "Programming Language :: Python",
            "Programming Language :: Python :: 2.7",
            "Topic :: Internet :: WWW/HTTP",
            "Topic :: Security"
        ],
        "description": "``` wlister ``` is a web application firewall (WAF) allowing web application protection based on whitelisting and attacks signature. The former is used to quickly validating an authorized and well formed request. The latter is used to detect known attacks patterns into HTTP requests. \n \nUsing ```wlister``` it is possible to apply both methods and to combine them at will. \n\n ```wlister``` allows to describe interactions between the web application and the client, using each piece of a HTTP request and their combination as a potential validation point (URI, parameters, headers, content, method, protocol, ...).\n\n\n# How it works\n\nEach incoming request is analyzed using a set of rules. A rule has pre-conditions that must be fulfilled to be applied against the request. If pre-conditions are satisfied (reps. not satisfied), rule is applied (resp. next rule is used). \"Rule is applied\" means pattern matching is executed against some part of the request. \n\nDepending on the matching results (match or mismatch), actions can be specified. For now, there are 3 actions:\n \n- tagging/untagging the request for next rule analysis\n- whitelisting \n- blacklisting\n\nWhitelisting and blacklisting terminate the request analysis. Tagging/untagging is useful to build smart pre-conditions, avoiding rules being applied whereas they are not related at all (*e.g.* HTTP request for static content must not be checked by rules dedicated to the authentication process nor any other rule). \n\nRule configuration file used for unit test use all available features. \n\n# Requirements\n\n## Librairies\n\n ```wlister``` is using [ ```jsonschema``` ](https://pypi.python.org/pypi/jsonschema) library to match JSON content in HTTP requests and to validate the whole ruleset.\nIt is expressed in ```requirements.txt``` and is installable using pypi.\n\n\n## Software\n\nCurrent version is tested with ```Apache``` and ```mod_python``` on ```Ubuntu 12.04 LTS```.\n\n```\n$ sudo dpkg -l | grep apache2\nii  apache2                   2.2.22-1ubuntu1.4      Apache HTTP Server metapackage\nii  apache2-mpm-prefork       2.2.22-1ubuntu1.4      Apache HTTP Server - traditional non-threaded model\n```\n\n```\n$ sudo dpkg -l | grep mod-python\nii  libapache2-mod-python     3.3.1-9ubuntu1         Python-embedding module for Apache 2\n```\n\n```\n$ cat /etc/lsb-release \nDISTRIB_ID=Ubuntu\nDISTRIB_RELEASE=12.04\nDISTRIB_CODENAME=precise\nDISTRIB_DESCRIPTION=\"Ubuntu 12.04.4 LTS\"\n```\n\n ```mod_python``` is supposed to be dead, but it is used for now (not as WSGI). Plus it seems to be not that dead, see:\n\n* [mod_python - Home Page] (http://modpython.org/)\n* [mod_python - The Long Story] (http://grisha.org/blog/2013/10/25/mod-python-the-long-story/)\n\n\n# Pros\n\n```wlister``` allows can analyze any part of a HTTP request, headers and body, in a handy way, focusing only on the interesting part. \n\nRule pre-conditions, tagging and action if (mis)match imply only necessary rules are applied and decision is done quickly; allowed or denied. \n\n```wlister``` try and use lazy evaluation to avoid transforming data that may never be used (but this is local optimization and must be measured). \n\n# Cons\n\n ```wlister``` is based on ```mod_python``` and Apache. This is not bad *per se* but because it is a Python application. Surely not fast enough although no benchmark have been done so far.\n \n ```wlister``` is based on ```mod_python``` and Apache, so it can not be used within another web server/proxy. \n\n# What is missing ?\n\n**Documentation** There are some stuff in ```doc/```. Rules documentation is outdated for sure. But what is implemented is tested so there are readable examples from  ```conf/rules.conf``` and ```tests/*.py```.\n\n**Logging** It exists but it is not nice enough. It can be very useful to have logging format used for advanced debug/configuration and logging format to raise an alert. Another format to... whatever. Logging facilities with formatting has to be implemented. \n\n**Attack signatures** No signature here, but I guess mod_security signatures database can help.\n\n**Documentation** Rules file used for unit tests can really help, but all rule directives must be documented at some point.\n\n**Code review** One dev, one dev. But there are tests (see ```tests/*.py```)\n\n**Refactoring** Matching directives are hard coded. Having a new one means developing it and binding stuff through the code which is error prone. Someone will want a new one, so it'd better be easy.\n\n**Learning module** Inferring patterns, finding invariants/constants, ...\n\n# Licensing\n\nCopyright (c) 2014, Elvis Tombini <elvis_at_mapom.me>\n\nPermission to use, copy, modify, and distribute this software for any\npurpose with or without fee is hereby granted, provided that the above\ncopyright notice and this permission notice appear in all copies.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "UNKNOWN",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/etombini/wlister",
        "keywords": null,
        "license": "LICENSE.txt",
        "maintainer": null,
        "maintainer_email": null,
        "name": "wlister",
        "package_url": "https://pypi.org/project/wlister/",
        "platform": "UNKNOWN",
        "project_url": "https://pypi.org/project/wlister/",
        "project_urls": {
            "Download": "UNKNOWN",
            "Homepage": "https://github.com/etombini/wlister"
        },
        "release_url": "https://pypi.org/project/wlister/0.1.0/",
        "requires_dist": null,
        "requires_python": null,
        "summary": "Web application firewall designed to whitelist and/or blacklist HTTP requests.",
        "version": "0.1.0"
    },
    "last_serial": 1197915,
    "releases": {
        "0.1.0": []
    },
    "urls": []
}