waf-setup
SKILL.md
WAF Setup
Protect web applications with Web Application Firewalls.
AWS WAF
# Create Web ACL
aws wafv2 create-web-acl \
--name my-waf \
--scope REGIONAL \
--default-action Allow={} \
--rules file://rules.json
# Associate with ALB
aws wafv2 associate-web-acl \
--web-acl-arn arn:aws:wafv2:... \
--resource-arn arn:aws:elasticloadbalancing:...
ModSecurity (nginx)
# nginx.conf
load_module modules/ngx_http_modsecurity_module.so;
server {
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
}
# Install OWASP CRS
git clone https://github.com/coreruleset/coreruleset /etc/nginx/modsec/crs
Cloudflare WAF
# Enable managed rules via API
curl -X PUT "https://api.cloudflare.com/client/v4/zones/{zone}/firewall/waf/packages/{package}/rules/{rule}" \
-H "Authorization: Bearer $TOKEN" \
-d '{"mode":"block"}'
Common Rules
protections:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Remote File Inclusion (RFI)
- Local File Inclusion (LFI)
- Command Injection
- Cross-Site Request Forgery (CSRF)
Best Practices
- Start in detection mode
- Tune for false positives
- Monitor blocked requests
- Regular rule updates
- Custom rules for app-specific attacks
Related Skills
- dast-scanning - Web security testing
- ssl-tls-management - HTTPS configuration
Weekly Installs
14
Repository
bagelhole/devop…t-skillsGitHub Stars
13
First Seen
Feb 4, 2026
Security Audits
Installed on
codex14
opencode14
claude-code13
github-copilot13
kimi-cli13
gemini-cli13