acouvreur / traefik-modsecurity-plugin

Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container
https://plugins.traefik.io/plugins/628c9eadffc0cd18356a9799/modsecurity-plugin
Apache License 2.0

fix: copy response into reply #1

Closed Thom-x closed 2 years ago

Thom-x commented 2 years ago

Right now, the plugin sends back the whole response in the body from Modsec, not only the response body. We are seeing other stuff like headers in the body.

```
HTTP/1.1 404 Not Found
Content-Length: 13238
Connection: keep-alive
Content-Type: text/html
Date: Thu, 30 Dec 2021 14:32:50 GMT
Etag: "613f2f21-33b6"
Server: nginx

<!DOCTYPE html>
<html lang="en">
```

With this fix we copy the headers, status and body to the response. That way we can have the real Modsec response in the browser (body+headers+status).

Example for me: image

VS

image
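The difference described in the comment above, as an added Go example that is not part of the PR or the plugin's code. The function names and the sample 404 are constructed for illustration, and using `resp.Write` to reproduce the symptom is an assumption, since the page does not show how the plugin built its reply.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// writeRaw is the pre-fix behaviour: status line, headers and body all land in the reply body.
func writeRaw(w http.ResponseWriter, resp *http.Response) error {
	return resp.Write(w) // serializes the full HTTP message and closes resp.Body
}

// forwardResponse is the fixed behaviour: headers, status and body are copied separately.
func forwardResponse(w http.ResponseWriter, resp *http.Response) error {
	defer resp.Body.Close()
	for name, values := range resp.Header {
		w.Header()[name] = append([]string(nil), values...)
	}
	w.WriteHeader(resp.StatusCode) // headers must be set before this call
	_, err := io.Copy(w, resp.Body)
	return err
}

// sampleResponse is a constructed 404 modelled on the output quoted in the PR.
func sampleResponse() *http.Response {
	body := "<!DOCTYPE html>\n<html lang=\"en\">"
	return &http.Response{
		StatusCode: http.StatusNotFound, ProtoMajor: 1, ProtoMinor: 1,
		Header:        http.Header{"Content-Type": {"text/html"}, "Server": {"nginx"}},
		Body:          io.NopCloser(strings.NewReader(body)),
		ContentLength: int64(len(body)),
	}
}

// replay returns the status, Content-Type and body a client would receive.
func replay(fn func(http.ResponseWriter, *http.Response) error) (int, string, string) {
	rec := httptest.NewRecorder()
	if err := fn(rec, sampleResponse()); err != nil {
		panic(err)
	}
	return rec.Code, rec.Header().Get("Content-Type"), rec.Body.String()
}

func main() {
	fmt.Println(replay(writeRaw))
	fmt.Println(replay(forwardResponse))
}
```

With `writeRaw` the client receives a 200 whose body begins with the upstream status line, so a WAF block or error status is never visible as a status code; with `forwardResponse` the 404 and `Content-Type` reach the client as real response metadata.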

acouvreur commented 2 years ago

Well now that you mention it, it seems pretty obvious.

I don't know how I didn't realize this. Thanks!

github-actions[bot] commented 2 years ago

:tada: This PR is included in version 1.0.2 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: