jcmoraisjr / modsecurity-spoa

HAProxy agent for ModSecurity web application firewall
Apache License 2.0

Haproxy doesn't send requests to ModSecurity #26

Closed evasokolova1f closed 2 years ago

evasokolova1f commented 2 years ago

CentOS 7, haproxy HAProxy version 2.4.17-9f97155 2022/05/13

Hello!

I'm using the Docker image from this repo with the default configs. I start it with this command so that it listens only on localhost:

docker run -d -p 127.0.0.1:12345:12345 -v $PWD/modsecurity:/etc/modsecurity quay.io/jcmoraisjr/modsecurity-spoa -n 1

In haproxy.cfg I added:

frontend portal 
    bind 0.0.0.0:9443 ssl crt /etc/haproxy/xxx.pem 
    bind 0.0.0.0:9080
    mode http
    filter spoe engine modsecurity config /etc/haproxy/spoe-modsecurity.conf
    http-request deny if { var(txn.modsec.code) -m int gt 0 }
    ........

backend spoe-modsecurity
    mode tcp
    server modsec-spoa1 127.0.0.1:12345

But in the docker logs of the ModSecurity container I don't see any connected clients, and requests aren't blocked:

Using options: -n 1
Using config files:
  - /etc/modsecurity/modsecurity.conf
  - /etc/modsecurity/owasp-modsecurity-crs.conf
1655810827.029327 [00] ModSecurity for nginx (STABLE)/2.9.5 (http://www.modsecurity.org/) configured.
1655810827.029356 [00] ModSecurity: APR compiled version="1.7.0"; loaded version="1.7.0"
1655810827.029362 [00] ModSecurity: PCRE compiled version="8.44 "; loaded version="8.44 2020-02-12"
1655810827.029366 [00] ModSecurity: YAJL compiled version="2.1.0"
1655810827.029369 [00] ModSecurity: LIBXML compiled version="2.9.12"
1655810827.029419 [00] ModSecurity: StatusEngine call: "2.9.5,nginx,1.7.0/1.7.0,8.44/8.44 2020-02-12,(null),2.9.12,18"
1655810832.034177 [00] ModSecurity: StatusEngine call failed. Query: GIXDSLRVFRXGO2LOPAWDCLRXFYYC6MJO.G4XDALBYFY2DILZYFY2DIIBSGAZDALJQ.GIWTCMRMFBXHK3DMFEWDELRZFYYTELBR.HA.1655810827.status.modsecurity.org
1655810837.040252 [01] 0 clients connected
1655810842.040895 [01] 0 clients connected
1655810847.037005 [01] 0 clients connected
1655810852.040456 [01] 0 clients connected
1655810857.037018 [01] 0 clients connected
1655810862.038020 [01] 0 clients connected
1655810867.037991 [01] 0 clients connected
1655810872.037994 [01] 0 clients connected

In my identical test environment everything is OK; malicious requests are successfully blocked.

Can you help me, please?
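
Added example, not part of the original issue or the project's code: with the deny rule as posted, a request is denied only when `txn.modsec.code` is greater than 0, so an agent that keeps logging "0 clients connected" is inspecting nothing. The sketch below flags that state from the agent's heartbeat lines; the function names and the 30-second threshold are assumptions.

```python
import re

# Heartbeat format seen in the agent log quoted in the issue.
HEARTBEAT = re.compile(r"^(\d+\.\d+) \[(\d+)\] (\d+) clients connected$")

def parse(lines):
    """Yield (timestamp, worker_id, client_count) for heartbeat lines only."""
    for line in lines:
        m = HEARTBEAT.match(line.strip())
        if m:  # startup banners and rule messages are skipped
            yield float(m.group(1)), m.group(2), int(m.group(3))

def idle_streaks(lines):
    """Map worker_id -> (streak_start, last_seen) for workers whose latest
    heartbeats all report zero clients. Workers with clients are omitted."""
    streaks = {}
    for ts, worker, clients in parse(lines):
        if clients > 0:
            streaks.pop(worker, None)  # a client connected: streak broken
        else:
            start, _ = streaks.get(worker, (ts, ts))
            streaks[worker] = (start, ts)
    return streaks

def agent_unused(lines, min_idle_seconds=30.0):
    """True when every worker that logged heartbeats has sat at zero
    clients for at least min_idle_seconds (threshold is an assumption)."""
    lines = list(lines)
    seen = {worker for _, worker, _ in parse(lines)}
    streaks = idle_streaks(lines)
    if not seen or set(streaks) != seen:
        return False
    return all(last - start >= min_idle_seconds
               for start, last in streaks.values())

# Subset of the log lines quoted in the issue.
ISSUE_LOG = """\
1655810827.029327 [00] ModSecurity for nginx (STABLE)/2.9.5 (http://www.modsecurity.org/) configured.
1655810837.040252 [01] 0 clients connected
1655810842.040895 [01] 0 clients connected
1655810867.037991 [01] 0 clients connected
1655810872.037994 [01] 0 clients connected
""".splitlines()

# Constructed sample: the same agent after HAProxy opens a connection.
HEALTHY_LOG = ISSUE_LOG + ["1655810877.038101 [01] 1 clients connected"]

if __name__ == "__main__":
    print("issue log, agent unused:", agent_unused(ISSUE_LOG))
    print("healthy log, agent unused:", agent_unused(HEALTHY_LOG))
```

Feeding it the output of `docker logs` for the agent container from a scheduled check turns a silently idle WAF into an alert.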

labros-zotos commented 7 months ago

Hi, I am having a similar issue. Did you find what was wrong?