waf.proto

Package: envoy.config.filter.http.modsecurity.v2

Source File: github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto

AuditLogging

"action": .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction
"location": .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation

| Field | Type | Description |
| --- | --- | --- |
| action | .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction | |
| location | .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation | |

AuditLogAction

| Name | Description |
| --- | --- |
| NEVER | Never generate audit logs. |
| RELEVANT_ONLY | When set to RELEVANT_ONLY, this will have similar behavior to SecAuditEngine RelevantOnly. |
| ALWAYS | Always generate an audit log entry (as long as the filter is not disabled). |

AuditLogLocation

| Name | Description |
| --- | --- |
| FILTER_STATE | Add the audit log to the filter state. It will be under the key "io.solo.modsecurity.audit_log". You can use this formatter in the access log: %FILTER_STATE(io.solo.modsecurity.audit_log)% |
| DYNAMIC_METADATA | Add the audit log to the dynamic metadata. It will be under the filter name "io.solo.filters.http.modsecurity", with "audit_log" as the key. You can use this formatter in the access log: %DYNAMIC_METADATA("io.solo.filters.http.modsecurity:audit_log")% |

ModSecurity

"disabled": bool
"ruleSets": []envoy.config.filter.http.modsecurity.v2.RuleSet
"customInterventionMessage": string
"auditLogging": .envoy.config.filter.http.modsecurity.v2.AuditLogging
"requestHeadersOnly": bool
"responseHeadersOnly": bool
"regressionLogs": bool
"dlpTransformation": .envoy.config.filter.http.transformation_ee.v2.DlpTransformation

| Field | Type | Description |
| --- | --- | --- |
| disabled | bool | Disable all rules on the current route. |
| ruleSets | []envoy.config.filter.http.modsecurity.v2.RuleSet | Global rule sets for the current HTTP connection manager. |
| customInterventionMessage | string | Custom message to display when an intervention occurs. |
| auditLogging | .envoy.config.filter.http.modsecurity.v2.AuditLogging | This instructs the filter what to do with the transaction's audit log. |
| requestHeadersOnly | bool | If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve performance. |
| responseHeadersOnly | bool | |
| regressionLogs | bool | Log in a format suited for the OWASP regression tests. This is a multiline log format, so it is disabled for regular use. Do not enable this in production! |
| dlpTransformation | .envoy.config.filter.http.transformation_ee.v2.DlpTransformation | |

RuleSet

"ruleStr": string
"files": []string
"directory": string

| Field | Type | Description |
| --- | --- | --- |
| ruleStr | string | String of rules which are added directly. |
| files | []string | Array of files with rules to include. Any subsequent changes to the rules in these files are not automatically updated. To update rules from files, version and update the file name. If you want dynamically updated rules, use the configMapRuleSets option instead. |
| directory | string | A directory to include. All *.conf files in this directory will be included. Subdirectories will NOT be checked. |

ModSecurityPerRoute

"disabled": bool
"ruleSets": []envoy.config.filter.http.modsecurity.v2.RuleSet
"customInterventionMessage": string
"auditLogging": .envoy.config.filter.http.modsecurity.v2.AuditLogging
"requestHeadersOnly": bool
"responseHeadersOnly": bool
"dlpTransformation": .envoy.config.filter.http.transformation_ee.v2.DlpTransformation

| Field | Type | Description |
| --- | --- | --- |
| disabled | bool | Disable all rules on the current route. |
| ruleSets | []envoy.config.filter.http.modsecurity.v2.RuleSet | Overwrite the global rules on this route. |
| customInterventionMessage | string | Custom message to display when an intervention occurs. |
| auditLogging | .envoy.config.filter.http.modsecurity.v2.AuditLogging | This instructs the filter what to do with the transaction's audit log. |
| requestHeadersOnly | bool | If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve performance. |
| responseHeadersOnly | bool | |
| dlpTransformation | .envoy.config.filter.http.transformation_ee.v2.DlpTransformation | |
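
A lint pass over these messages, as an added example that is not part of the Gloo documentation or code: it takes a ModSecurity or ModSecurityPerRoute config as a dict keyed by the JSON field names above and flags the settings the field descriptions warn about. The function name lint_waf, the severity labels, the list of body-derived variables and the sample configs are assumptions made for illustration.

```python
import re

# Standard ModSecurity collections that are filled from the request body.
BODY_VARS = re.compile(r"\b(REQUEST_BODY|ARGS_POST|FILES|XML)")

def lint_waf(cfg, scope="listener"):
    """Lint a ModSecurity (scope="listener") or ModSecurityPerRoute
    (scope="route") dict; returns [(severity, field, message)]."""
    out = []
    if cfg.get("disabled"):
        out.append(("high", "disabled", f"all rules disabled on this {scope}"))
    if cfg.get("regressionLogs"):
        out.append(("high", "regressionLogs",
                    "multiline OWASP regression-test format, not for production"))
    if (cfg.get("auditLogging") or {}).get("action") == "NEVER":
        out.append(("medium", "auditLogging.action", "no audit log is generated"))
    rule_sets = cfg.get("ruleSets") or []
    if scope == "route" and rule_sets:
        out.append(("info", "ruleSets", "overwrites the global rules on this route"))
    for i, rs in enumerate(rule_sets):
        if cfg.get("requestHeadersOnly") and BODY_VARS.search(rs.get("ruleStr", "")):
            out.append(("medium", f"ruleSets[{i}].ruleStr",
                        "rule reads body data, but requestHeadersOnly skips the body"))
        if rs.get("files"):
            out.append(("info", f"ruleSets[{i}].files",
                        "later edits to these files are not loaded; version the name"))
        if rs.get("directory"):
            out.append(("info", f"ruleSets[{i}].directory",
                        "only top-level *.conf files are included"))
    return out

# Constructed sample configs (paths and rule text are made up for illustration).
LISTENER = {
    "ruleSets": [{
        "ruleStr": 'SecRuleEngine On\n'
                   'SecRule ARGS_POST "@contains test" "id:1001,phase:2,deny,status:403"',
        "files": ["/etc/waf/custom-v1.conf"],
    }],
    "requestHeadersOnly": True,
    "auditLogging": {"action": "RELEVANT_ONLY", "location": "DYNAMIC_METADATA"},
}
ROUTE = {"disabled": True, "ruleSets": [{"directory": "/etc/waf/route-rules"}]}

if __name__ == "__main__":
    for name, cfg, scope in (("listener", LISTENER, "listener"), ("route", ROUTE, "route")):
        for sev, field, msg in lint_waf(cfg, scope):
            print(f"{name}: [{sev}] {field}: {msg}")
```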