chaitin / traefik-safeline

Traefik plugin to proxy requests to safeline waf
https://waf.chaitin.com/
6 stars 2 forks source link
fiewall middleware safeline traefik-plugin waf

Traefik Plugin Safeline

This plugin is a middleware for Traefik that can be used to detect and block malicious requests which base on the Safeline engine.

Usage

For a plugin to be active for a given Traefik instance, it must be declared in the static configuration.

Plugins are parsed and loaded exclusively during startup, which allows Traefik to check the integrity of the code and catch errors early on. If an error occurs during loading, the plugin is disabled.

For security reasons, it is not possible to start a new plugin or modify an existing one while Traefik is running.

Once loaded, middleware plugins behave exactly like statically compiled middlewares. Their instantiation and behavior are driven by the dynamic configuration.

Plugin dependencies must be vendored for each plugin. Vendored packages should be included in the plugin's GitHub repository. (Go modules are not supported.)

Configuration

For each plugin, the Traefik static configuration must define the module name (as is usual for Go packages).

The following declaration (given here in YAML) defines a plugin:

# Static configuration

experimental:
  plugins:
    safeline:
      moduleName: github.com/chaitin/traefik-safeline
      version: v1.0.0

Here is an example of a file provider dynamic configuration (given here in YAML), where the interesting part is the http.middlewares section:

# Dynamic configuration

http:
  routers:
    my-router:
      rule: host(`demo.localhost`)
      service: service-foo
      entryPoints:
        - web
      middlewares:
        - chaitin

  services:
   service-foo:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:5000

  middlewares:
    chaitin:
      plugin:
        safeline:
          addr: safeline-detector.safeline:8000