feat: replace request hook in example #157

Open
wants to merge 1 commit into
base: main
12 changes: 9 additions & 3 deletions example/haproxy/coraza.cfg
Expand Up @@ -6,6 +6,7 @@ spoe-agent coraza-agent
messages coraza-req
# Comment the previous line and add coraza-res, to process responses also.
#messages coraza-req coraza-res
groups coraza-req coraza-res
option var-prefix coraza
option set-on-error error
timeout hello 2s
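
Review bot: The comment kept above the new `groups coraza-req coraza-res` line ("Comment the previous line and add coraza-res, to process responses also.", followed by `#messages coraza-req coraza-res`) no longer matches the configuration. The agent now lists `coraza-res` as a group while `messages` still names only `coraza-req`. Please reword the comment to say how response processing is switched on after this change, and whether `coraza-req` is meant to be reachable both through `messages` and through the `coraza-req` group.
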
Expand All @@ -16,12 +17,17 @@ spoe-agent coraza-agent

spoe-message coraza-req
# Arguments are required to be in this order
args app=str(sample_app) src-ip=src src-port=src_port dst-ip=dst dst-port=dst_port method=method path=path query=query version=req.ver headers=req.hdrs body=req.body
event on-frontend-http-request
args app=var(txn.coraza.app) src-ip=src src-port=src_port dst-ip=dst dst-port=dst_port method=method path=path query=query version=req.ver headers=req.hdrs body=req.body

spoe-message coraza-res
# Arguments are required to be in this order
args app=str(sample_app) id=var(txn.e2e.id) version=res.ver status=status headers=res.hdrs body=res.body
args app=var(txn.coraza.app) id=var(txn.coraza.id) version=res.ver status=status headers=res.hdrs body=res.body
event on-http-response

spoe-group coraza-req
messages coraza-req

spoe-group coraza-res
messages coraza-res
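
Review bot: In `spoe-message coraza-res`, `event on-http-response` is still present while the message is also placed in the new `spoe-group coraza-res`, so it is unclear whether responses are meant to be sent by the event or by the group. Pick one trigger per message and say so in a comment. The `app=var(txn.coraza.app)` arguments also make both messages depend on a variable that is set outside this file; a short comment next to `# Arguments are required to be in this order` naming where `txn.coraza.app` has to be set would keep an unset `app` from reaching the agent unnoticed.
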


11 changes: 10 additions & 1 deletion example/haproxy/haproxy.cfg
Expand Up @@ -12,9 +12,18 @@ defaults
frontend default
mode http
bind *:80
filter spoe engine coraza config /usr/local/etc/haproxy/coraza.cfg
log-format "%ci:%cp\ [%t]\ %ft\ %b/%s\ %Th/%Ti/%TR/%Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ %[var(txn.coraza.id)]\ spoa-error:\ %[var(txn.coraza.error)]\ waf-hit:\ %[var(txn.coraza.fail)]"

# Set coraza app in HAProxy config to allow customized configs per host.
# You can also just leave this as is or even replace the use of a variable
# inside the coraza.cfg.
http-request set-var(txn.coraza.app) str(sample_app)

# !! Every http-request line will be executed before this !!
# Execute coraza request check.
filter spoe engine coraza config /usr/local/etc/haproxy/coraza.cfg
http-request send-spoe-group coraza coraza-req

# Currently haproxy cannot use variables to set the code or deny_status, so this needs to be manually configured here
http-request redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }
http-response redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }
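
Review bot: The comment `# !! Every http-request line will be executed before this !!` above `http-request send-spoe-group coraza coraza-req` is ambiguous, and the ordering it hints at decides what the WAF inspects: `http-request` rules placed above the `send-spoe-group` line run before the Coraza check, and rules below it run after. Suggest stating that explicitly and noting that rules which rewrite the request belong above it, so that Coraza evaluates the request the backend will receive. The visible lines also add no `http-response send-spoe-group coraza coraza-res`, although a `coraza-res` group is declared in coraza.cfg; worth confirming how the response message is meant to be sent.
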