Labsco
KratosUAE logo

WAF (ModSecurity)

from KratosUAE

Monitor WAF events, analyze attacks, tune rules and whitelist IPs for OWASP ModSecurity CRS via Docker

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

WAF MCP Server

An MCP (Model Context Protocol) server for managing OWASP ModSecurity CRS via Docker. Gives AI assistants like Claude direct access to WAF monitoring, analysis, and configuration through a structured drill-down pipeline.

Built for Claude Code but works with any MCP-compatible client.

Why

LLM proxy services (LiteLLM, OpenRouter, etc.) sit behind WAFs that generate massive amounts of false positives โ€” prompts contain code, SQL, HTML, shell commands that trigger every content-inspection rule in the book. Managing these WAFs requires constant monitoring, tuning exclusions, and investigating events.

This MCP server lets an AI assistant do that work directly:

  1. Overview โ€” see total events, unique IPs, active rules at a glance
  2. Drill down โ€” filter events by IP or rule, inspect matched data
  3. Act โ€” disable rules, whitelist IPs, change engine mode โ€” all without leaving the conversation

Tools

Analysis (drill-down pipeline)

ToolDescription
waf_overviewDashboard: total events, unique IPs/rules, events last hour
waf_top_ipsTop IPs by event count with geo enrichment (ipinfo.io)
waf_top_rulesMost triggered rules with severity and description
waf_fp_candidatesRules that fired on HTTP 2xx responses (false positive candidates)
waf_events_by_ipEvents filtered by source IP
waf_events_by_ruleEvents filtered by rule ID
waf_event_detailFull event: headers, request body, all rule matches with matched data

Actions

ToolDescription
waf_statusContainer health, engine mode, rules loaded, paranoia level
waf_set_engineSwitch between On, Off, DetectionOnly
waf_set_paranoiaSet CRS paranoia level (1โ€“4)
waf_disable_ruleDisable a rule by ID (adds SecRuleRemoveById to exclusions)
waf_enable_ruleRe-enable a previously disabled rule
waf_allow_ipWhitelist an IP (bypass WAF entirely)
waf_deny_ipRemove an IP from whitelist
waf_testRun test suite: scanner detection, SQLi, XSS, path traversal

Common parameters

since โ€” All analysis tools accept a since parameter to control the time window. Default is "24h". Supports Docker duration syntax: "1h", "24h", "7d", "30m". Days are automatically converted to hours (Docker's --since doesn't support the d suffix natively).

waf_overview(since: "7d")        # last 7 days
waf_events_by_ip(ip: "1.2.3.4", since: "1h")  # last hour

verbose โ€” waf_events_by_ip, waf_events_by_rule, and waf_event_detail accept verbose: true. By default, matchedData and requestBody are truncated to keep responses within context limits:

FieldDefaultVerbose
matchedData (per rule)150โ€“200 chars4000 chars
requestBody500 chars8000 chars

Development

npm run build        # Compile TypeScript
npm test             # Run tests (43 tests)
npm run test:watch   # Watch mode
WAF_DEBUG=1 npm start  # Run with debug logging

Architecture

src/
โ”œโ”€โ”€ index.ts           # MCP server setup, tool registration
โ”œโ”€โ”€ waf-manager.ts     # Core service: Docker exec, log parsing, config management
โ”œโ”€โ”€ types.ts           # TypeScript interfaces
โ”œโ”€โ”€ config.ts          # Environment-based configuration
โ”œโ”€โ”€ logger.ts          # stderr-only logger (stdout reserved for MCP protocol)
โ””โ”€โ”€ tools/
    โ”œโ”€โ”€ overview.ts        # L0: dashboard
    โ”œโ”€โ”€ top-ips.ts         # L1: IP aggregation
    โ”œโ”€โ”€ top-rules.ts       # L1: rule aggregation
    โ”œโ”€โ”€ fp-candidates.ts   # L1: false positive detection
    โ”œโ”€โ”€ events-by-ip.ts    # L2: drill-down by IP
    โ”œโ”€โ”€ events-by-rule.ts  # L2: drill-down by rule
    โ”œโ”€โ”€ event-detail.ts    # L3: full event inspection
    โ”œโ”€โ”€ status.ts          # Container status
    โ”œโ”€โ”€ set-engine.ts      # Engine mode control
    โ”œโ”€โ”€ set-paranoia.ts    # Paranoia level control
    โ”œโ”€โ”€ disable-rule.ts    # Rule management
    โ”œโ”€โ”€ enable-rule.ts     # Rule management
    โ”œโ”€โ”€ allow-ip.ts        # IP whitelist
    โ”œโ”€โ”€ deny-ip.ts         # IP whitelist
    โ”œโ”€โ”€ test.ts            # WAF test suite
    โ””โ”€โ”€ utils.ts           # Shared utilities

Events are parsed from Docker logs and cached for 30 seconds. Rapid drill-down calls (overview โ†’ top IPs โ†’ events by IP โ†’ event detail) hit the cache instead of re-parsing. The cache is invalidated when the since parameter changes.

License

MIT