Open monkeyDluffy6017 opened 11 months ago
Is it in-process? It would be worth to try but setup seems laborious, are you up for a PR like the Kong example?
Also worth to check the good work from @potats0 on coraza openresty
I've done
@jcchavezs Where is the Kong example?
@potats0 Do these libraries have the same function?
They aim the same functionality but different implementations. The first one is a bridge using the lua bindings whereas coraza-proxy-wasm is an implementation using the proxy-wasm hooks. In the basement they both use coraza library.
On Thu, 27 Jul 2023, 09:48 Liu Wei, @.***> wrote:
Do these libraries have the same function?
- https://github.com/potats0/lua-resty-coraza
- https://github.com/corazawaf/coraza-proxy-wasm @potats0 https://github.com/potats0
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-proxy-wasm/issues/217#issuecomment-1653080819, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXJD5PFGFE5SSI6FNDXSIMOVANCNFSM6AAAAAA2ZTX74A . You are receiving this because you were mentioned.Message ID: @.***>
@potats0 Do these libraries have the same function?
lua-resty-coraza is a library that a connector to coraza shared library, and can be used to openresty, also can be used to apisix. Indeed, I've developed a apisix plugin based on lua-resty-coraza. Here is a sample code of apisix plugin
function _M.access(conf, ctx)
coraza.do_create_transaction(waf)
coraza.do_access_filter()
return coraza.do_handle()
end
function _M.header_filter(conf, ctx)
core.log.info("plugin header_filter phase, conf: ", core.json.delay_encode(conf))
coraza.do_header_filter()
local status_code, _ = coraza.do_handle()
if status_code then
ngx.status = status_code
core.response.clear_header_as_body_modified()
end
end
Goog job! @potats0 @jcchavezs
Goog job! @potats0 @jcchavezs
Should I send the code to you for testing?
I've found the APISIX plugin repository: https://github.com/potats0/apisix-coraza, we'll test it later
I've found the APISIX plugin repository: https://github.com/potats0/apisix-coraza, we'll test it later
waiting me for update the code
Do you have a company email address? I would like to communicate with you further. The content of the communication is mainly the following topics:
@jcchavezs
Sure you can find me in jc[at]tetrate.io
replace [at] by @
Also pinged on apisix slack
/assign Sn0rt
Thanks a lot. How about adding it in the e2e here. You can follow this https://github.com/corazawaf/coraza-proxy-wasm/tree/main/e2e and also https://github.com/corazawaf/coraza-proxy-wasm/pull/144. Are you up to that?
Thanks a lot. How about adding it in the e2e here. You can follow this https://github.com/corazawaf/coraza-proxy-wasm/tree/main/e2e and also #144. Are you up to that?
can you assgin this issue to me ? I will move this issue to my backlog and wait to progress.
Sure!
The analysis of request and response bodies is not carried out because special APISIX properties are not set. The callbacks OnHttpRequestBody and OnHttpResponseBody are not called. Corresponding properties must be set in the previously called callbacks.
This is also mentioned in the APISIX documentation: "To run this callback, we need to set property wasm_process_req_body to non-empty value in" https://apisix.apache.org/docs/apisix/wasm/
I tried this in my branch of the plugin and it seems to work. proxywasm.SetProperty([]string{"wasm_process_req_body"}, []byte("true")) https://github.com/meiko/coraza-proxy-wasm/blob/2f7bcf1db525926a78a7b05b85ed6a2ddb23d238/wasmplugin/plugin.go#L285
and proxywasm.SetProperty([]string{"wasm_process_resp_body"}, []byte("true")) https://github.com/meiko/coraza-proxy-wasm/blob/2f7bcf1db525926a78a7b05b85ed6a2ddb23d238/wasmplugin/plugin.go#L526
What do you think? Can this be included in the code base of the plugin like this or something similar?
Hi, folks! Do you have any plan to support APISIX, it's an API gateway built on openresty, and it also follows the proxy-wasm ABI.