
Comments (7)

JsdBEnZ7Rt9orgOfa1Ep1e4n commented on September 21, 2024

Same for me; for the moment I use this trick

from modsecurity-spoa.

sstsarel commented on September 21, 2024

I already tried this but it doesn't work for me(((
I raise a container on another node
```
docker run -p 12345:12345 -v $PWD/modsecurity:/etc/modsecurity -d quay.io/jcmoraisjr/modsecurity-spoa -n 1
```

on haproxy I have it like this

```
global
    daemon
    user haproxy
    group haproxy
    chroot /var/lib/haproxy
    maxconn 4096
    log localhost local0
    log-send-hostname
    stats socket /run/haproxy-master.sock mode 660 level admin
    stats timeout 60s

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch 1
    retries 3
    retry-on all-retryable-errors
    timeout http-request 180s
    timeout client 300s
    timeout queue 60s
    timeout connect 300s
    timeout server 300s
    timeout check 10s
    timeout http-keep-alive 10s

backend my_backend
    balance roundrobin
    server server1 10.0.0.1:80 check
    server server2 10.0.0.2:80 check

backend spoe-modsecurity
    mode tcp
    timeout connect 5s
    timeout server 3m
    server modsec-spoa1 10.0.0.3:12345

frontend fe_main
    bind :80
    unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
    unique-id-header X-Unique-ID
    log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r %[unique-id]"
    filter spoe engine modsecurity config /etc/haproxy/spoe-modsecurity.conf
    http-request deny if { var(txn.modsec.code) -m int gt 0 }
    default_backend my_backend
```

but in the logs

```
1697228856.345744 [00] [client 127.0.0.1] ModSecurity: Warning. Matched phrase "etc/passwd"
```

I still don’t understand why logs are not written to

```
SecAuditLogType Serial
SecAuditLog /var/log/moaudit.log
SecAuditLogFormat JSON
```

moaudit.log file is empty


sstsarel commented on September 21, 2024

Tell me why not all parameters are accepted?

Maybe because of this the normal IP is not transmitted?

```
spoe-message check-request
    args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
```

```
spoe-message check-request
    args unique-id src src_port dst dst_port method path query req.ver req.hdrs_bin req.body_size req.body
```


JsdBEnZ7Rt9orgOfa1Ep1e4n commented on September 21, 2024

This solution works

Use this fork : https://github.com/infra-octave/spoa-modsecurity

spoe-modsecurity.conf

 [modsecurity]
    spoe-agent modsecurity-agent
        messages     check-request
        option       var-prefix  modsec
        timeout      hello       100ms
        timeout      idle        30s
        timeout      processing  1s
        use-backend  spoe-modsecurity
    spoe-message check-request
        args   unique-id method path query req.ver req.hdrs_bin req.body_size req.body src src_port dst_port 
        event  on-frontend-http-request


sstsarel commented on September 21, 2024

> This solution works
>
> Use this fork : https://github.com/infra-octave/spoa-modsecurity
>
> spoe-modsecurity.conf
>
>  [modsecurity]
>     spoe-agent modsecurity-agent
>         messages     check-request
>         option       var-prefix  modsec
>         timeout      hello       100ms
>         timeout      idle        30s
>         timeout      processing  1s
>         use-backend  spoe-modsecurity
>     spoe-message check-request
>         args   unique-id method path query req.ver req.hdrs_bin req.body_size req.body src src_port dst_port
>         event  on-frontend-http-request

Well, I wanted to figure out why the docker from this repo does not work as expected.
Compiling from the source I got the desired result, but using this image I get the wrong client IP.


mat1010 commented on September 21, 2024

> This solution works
>
> Use this fork : https://github.com/infra-octave/spoa-modsecurity
>
> spoe-modsecurity.conf
>
>  [modsecurity]
>     spoe-agent modsecurity-agent
>         messages     check-request
>         option       var-prefix  modsec
>         timeout      hello       100ms
>         timeout      idle        30s
>         timeout      processing  1s
>         use-backend  spoe-modsecurity
>     spoe-message check-request
>         args   unique-id method path query req.ver req.hdrs_bin req.body_size req.body src src_port dst_port
>         event  on-frontend-http-request

haproxy/spoa-modsecurity@master...infra-octave:spoa-modsecurity:master#diff-8c7cd210990f9430651c54ed753427ec1bb59cc3f4ae2003daed70f490e3a6d0R251
This only works for ipv4, right?


JsdBEnZ7Rt9orgOfa1Ep1e4n commented on September 21, 2024

> This solution works
>
> Use this fork : https://github.com/infra-octave/spoa-modsecurity
>
> spoe-modsecurity.conf
>
>  [modsecurity]
>     spoe-agent modsecurity-agent
>         messages     check-request
>         option       var-prefix  modsec
>         timeout      hello       100ms
>         timeout      idle        30s
>         timeout      processing  1s
>         use-backend  spoe-modsecurity
>     spoe-message check-request
>         args   unique-id method path query req.ver req.hdrs_bin req.body_size req.body src src_port dst_port
>         event  on-frontend-http-request
>
> haproxy/spoa-modsecurity@master...infra-octave:spoa-modsecurity:master#diff-8c7cd210990f9430651c54ed753427ec1bb59cc3f4ae2003daed70f490e3a6d0R251
> This only works for ipv4, right?

I don't test with ipv6

from modsecurity-spoa.
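Added example (not part of the thread, and not code from either repository), on the IPv4/IPv6 question above: in the SPOP typed-data encoding that HAProxy uses for SPOE `args`, an address such as `src` arrives with type code 6 (IPv4, 4 bytes) or 7 (IPv6, 16 bytes), so an agent has to handle both or it has no real client address to give ModSecurity for IPv6 connections. The function name `decode_addr_arg` and the sample bytes are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* SPOP typed-data type codes (low nibble of the leading type byte). */
enum { SPOP_T_IPV4 = 6, SPOP_T_IPV6 = 7 };

/*
 * Decode one SPOP typed value that is expected to hold an address
 * (for example the "src" arg). On success the printable address is
 * written to out and the number of bytes consumed is returned.
 * Returns 0 if the value is not an address type, and -1 if the input
 * is truncated or out is too small.
 */
int decode_addr_arg(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    int family;
    size_t alen;

    if (len < 1)
        return -1;
    switch (buf[0] & 0x0F) {
    case SPOP_T_IPV4: family = AF_INET;  alen = 4;  break;
    case SPOP_T_IPV6: family = AF_INET6; alen = 16; break;
    default:          return 0;   /* caller should skip or reject this arg */
    }
    if (len < 1 + alen)
        return -1;                /* never read past the frame */
    if (inet_ntop(family, buf + 1, out, (socklen_t)outlen) == NULL)
        return -1;
    return (int)(1 + alen);
}

int main(void)
{
    /* Constructed samples: 203.0.113.7 and 2001:db8::1 as typed data. */
    const uint8_t v4[] = { 0x06, 203, 0, 113, 7 };
    const uint8_t v6[] = { 0x07, 0x20, 0x01, 0x0d, 0xb8,
                           0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01 };
    char out[INET6_ADDRSTRLEN];

    if (decode_addr_arg(v4, sizeof v4, out, sizeof out) > 0) printf("src=%s\n", out);
    if (decode_addr_arg(v6, sizeof v6, out, sizeof out) > 0) printf("src=%s\n", out);
    return 0;
}
```

An agent that only branches on type 6 takes the `default` path for IPv6 clients, which leaves IP-based rules and audit-log attribution without the real source address.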
