HAProxy SPOA result message - Githubissues

corazawaf / coraza-spoa

EXPERIMENTAL: A wrapper around the OWASP Coraza WAF for HAProxy's SPOE filters

Apache License 2.0

89 stars 18 forks source link

HAProxy SPOA result message #21

Open sts opened 2 years ago

sts commented 2 years ago

Currently the variable returned by coraza-spoa to inform HAProxy to perform a waf block, is called fail. The term fail is confusing and should be replaced.

Additionally types.Interruption exposes more variables (Action, Data, RuleID & Status), which should also be exposed to HAProxy.
- Other actions such as Redirect, Deny, Drop, could also be handled correctly in the example HAProxy configuration.

Looking at other modules:

haproxy/spoa-modsecurity originally exposed a 'code' and blocked if > 0: https://github.com/haproxy/spoa-modsecurity/blob/master/README#L97
corazawaf/coraza/examples/http-server checks whether it.Action == deny (https://github.com/corazawaf/coraza/blob/v2/master/examples/http-server/main.go#L99)
corazawaf/caddy checks whether it.Status > 0 https://github.com/corazawaf/coraza-caddy/blob/master/coraza.go#L211

sts commented 2 years ago

Redirect implemented in coraza v3, it.Action still needs exposure to haproxy.

Note: Redirect status cannot be determined by it.Status because of HAProxy short comings. Retrieving the status code by looking up a variable results in a haproxy parsing error, otherwise this works:

http-request redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }