WAF integration #911

ennetech · 2022-11-10T09:01:53Z

it could be interesting to integrate coraza (https://github.com/corazawaf/coraza) directly in fabio?

before starting the implementation I would like some feedback

nathanejohnson · 2022-11-18T00:02:49Z

This looks very interesting. What did you have in mind?

ennetech · 2022-11-18T08:20:19Z

create a global configuration "all request go trough WAF"
create label "waf" for per-route configuration
find the best way to load the directives (i am thinking a global rule definition with the coreruleset, but i would like also per-route specific rules)
if the connection should pass thru waf fabio should run the parser and return an error if an intrusion is detected

Also i am working on a distributed firewall written in golang and i would like to report waf failures to it

nathanejohnson · 2022-11-18T17:00:10Z

I would love to see a PR around this! I'm not yet familiar with the coraza project, but I might play it with next week when things are slow with the holiday.

ennetech · 2022-11-20T13:41:34Z

@nathanejohnson #915 this is the bare minimum to get it working

nathanejohnson added the enhancement label Nov 18, 2022

ennetech linked a pull request Nov 20, 2022 that will close this issue

Draft: WAF #915

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WAF integration #911

WAF integration #911

ennetech commented Nov 10, 2022

nathanejohnson commented Nov 18, 2022

ennetech commented Nov 18, 2022

nathanejohnson commented Nov 18, 2022

ennetech commented Nov 20, 2022

WAF integration #911

WAF integration #911

Comments

ennetech commented Nov 10, 2022

nathanejohnson commented Nov 18, 2022

ennetech commented Nov 18, 2022

nathanejohnson commented Nov 18, 2022

ennetech commented Nov 20, 2022