search

corazawaf / coraza-spoa

EXPERIMENTAL: A wrapper around the OWASP Coraza WAF for HAProxy's SPOE filters
Apache License 2.0
74 stars 16 forks source link

Fetch methods for app parameter #94

Open jvinolas opened 8 months ago

jvinolas commented 8 months ago

Related to https://github.com/corazawaf/coraza-spoa/issues/92, is there any other fetch method that can be used? I tried to set a new header and try to get it into spoe app parameter without success.

Haproxy frontend http-request add-header X-App open SPOE spoe-message coraza-req args app=req.hdr(X-App) id=unique-id src-ip=src...

And coraza logs:

{"level":"debug","ts":1699303677.986173,"msg":"application not found, using default","application":"","default":"open"}

(of course, I have two apps that I want to set up different) UPDATE: The header is not being added in haproxy. Is this an expected behaviour when using spoe filters?

sts commented 8 months ago

never tried to use pass by a header, wanna try using http-request set-var instead?

jvinolas commented 8 months ago

I've already tried with no success: It seems the filter is getting the 'raw' input request without any previous modifications done. As I want to use different configs for different paths I think the only way will be tu use acl in spoa. If you've got any other idea...

zc-devs commented 8 months ago

I tried to set a new header and try to get it into spoe app parameter without success

If you use event on-frontend-http-request, then works as intended:

Triggered just before the evaluation of http-request rules in a frontend

mamedin commented 2 months ago

Using haproxy 2.8.9 I had to use proc.var_name instead of rtx.var_name. I wanted to use a variable for the app_name, based on hdr(host), so in frontend:

    # Define coraza app variable
    http-request set-var(proc.coraza_app) str(default_app)
    http-request set-var(proc.coraza_app) str(myapp_app) if { hdr(host) -i www.example.com }

In /etc/haproxy/coraza.conf:

 spoe-message coraza-req
    args app=var(proc.coraza_app) id=unique-id src-ip=src src-port=src_port dst-ip=dst dst-port=dst_port method=method path=path query=query version=req.ver headers=req.hdrs body=req.body
    event on-frontend-http-request

spoe-message coraza-res
    args app=var(proc.coraza_app) id=unique-id version=res.ver status=status headers=res.hdrs body=res.body
    event on-http-response

It is working fine with proc.var_name but was failing using txn.var_name