Navigation :
Get started
Concepts
Setting up Gloo Mesh Enterprise
Process and route traffic
Control traffic with policies
Observability
GraphQL
Reference
-
API reference
-- access_log_policy.proto
-- access_logging.proto
-- access_policy.proto
-- accesslog.proto
-- address.proto
-- address.proto
-- address.proto
-- advanced_http.proto
-- any.proto
-- api.proto
-- api_gateway_transformer.proto
-- api_schema.proto
-- approval_state.proto
-- auth_config.proto
-- authority.proto
-- authorize.proto
-- aws_lambda.proto
-- backoff.proto
-- backoff.proto
-- base.proto
-- base.proto
-- base.proto
-- ca_options.proto
-- cache_filter.proto
-- clientmode.proto
-- collection_entry.proto
-- common.proto
-- config.proto
-- config.proto
-- config_source.proto
-- connection_policy.proto
-- consul_connect.proto
-- context_params.proto
-- core.proto
-- cors_policy.proto
-- csrf_policy.proto
-- cue.proto
-- custom_tag.proto
-- custom_tag.proto
-- dashboard.proto
-- deprecation.proto
-- descriptor.proto
-- descriptor.proto
-- discovery.proto
-- duration.proto
-- empty.proto
-- event_service_config.proto
-- ext.proto
-- ext_auth_policy.proto
-- ext_auth_server.proto
-- extension.proto
-- external_endpoint.proto
-- external_service.proto
-- failover_policy.proto
-- fault_injection_policy.proto
-- field_behavior.proto
-- field_mask.proto
-- gateway_lifecycle_manager.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- generated.proto
-- gogo.proto
-- graphql.proto
-- graphql_resolver_map.proto
-- graphql_stitched_schema.proto
-- grpc_service.proto
-- header_manipulation.proto
-- health_check.proto
-- http.proto
-- http_matchers.proto
-- http_path.proto
-- http_uri.proto
-- http_uri.proto
-- http_uri.proto
-- istio_lifecycle_manager.proto
-- istio_operator.proto
-- json_grpc_transcoder.proto
-- jwt_policy.proto
-- keepalive.proto
-- key.proto
-- kubernetes_cluster.proto
-- locality.proto
-- metadata.proto
-- metadata.proto
-- metadata.proto
-- metrics.proto
-- migrate.proto
-- mirror_policy.proto
-- modsecurity.proto
-- nats_streaming.proto
-- number.proto
-- operator.proto
-- outlier_detection_policy.proto
-- payload.proto
-- percent.proto
-- percent.proto
-- percent.proto
-- percent.proto
-- phase.proto
-- port.proto
-- protocol.proto
-- proxy_protocol.proto
-- proxy_protocol.proto
-- proxy_protocol_policy.proto
-- proxylatency.proto
-- range.proto
-- range.proto
-- ratelimit.proto
-- ratelimit_client_config.proto
-- ratelimit_policy.proto
-- ratelimit_server_config.proto
-- ratelimit_server_settings.proto
-- ref.proto
-- references.proto
-- regex.proto
-- regex.proto
-- resource.proto
-- resource_locator.proto
-- retry_timeout_policy.proto
-- root_trust_policy.proto
-- route.proto
-- route_components.proto
-- route_components.proto
-- route_table.proto
-- sanitize.proto
-- security.proto
-- selectors.proto
-- semantic_version.proto
-- semantic_version.proto
-- semantic_version.proto
-- sensitive.proto
-- socket_option.proto
-- socket_option.proto
-- socket_option.proto
-- solo-kit.proto
-- solo_jwt_authn.proto
-- solo_xff_offset_filter.proto
-- source_context.proto
-- status.proto
-- status.proto
-- stitching.proto
-- string.proto
-- string.proto
-- string_match.proto
-- struct.proto
-- timestamp.proto
-- trace.proto
-- trace_config.proto
-- transformation_ee_filter.proto
-- transformation_filter.proto
-- transformation_policy.proto
-- type.proto
-- validate.proto
-- value.proto
-- vault_ca.proto
-- versioning.proto
-- virtual_destination.proto
-- virtual_gateway.proto
-- waf_policy.proto
-- wasm_deployment_policy.proto
-- workspace.proto
-- workspace_settings.proto
-- wrappers.proto
-- xslt_transformer.proto
-
CLI reference
-
Helm value reference
-
Version reference
- Changelog
-
Security and CVE report
Troubleshoot issues
Get help and support
modsecurity.proto
Package : envoy.config.filter.http.modsecurity.v2
Top
modsecurity.proto
Table of Contents
AuditLogging
ModSecurity
Field
Type
Label
Description
disabled
bool
Disable all rules on the current route
ruleSets
[]envoy.config.filter.http.modsecurity.v2.RuleSet
repeated
Global rule sets for the current http connection manager
customInterventionMessage
string
Custom message to display when an intervention occurs
auditLogging
envoy.config.filter.http.modsecurity.v2.AuditLogging This instructs the filter what to do with the transaction's audit log.
requestHeadersOnly
bool
If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve perforance.
responseHeadersOnly
bool
regressionLogs
bool
log in a format suited for the OWASP regression tests. this format is a multiline log format, so it is disabled for regular use. do not enable this in production!
dlpTransformation
envoy.config.filter.http.transformation_ee.v2.DlpTransformation
ModSecurityPerRoute
RuleSet
Field
Type
Label
Description
ruleStr
string
String of rules which are added directly
files
[]string
repeated
Array of files to include
directory
string
A directory to include. all *.conf files in this directory will be included. sub directories will NOT be checked.
AuditLogging.AuditLogAction
Name
Number
Description
NEVER
0
Never generate audit logs.
RELEVANT_ONLY
1
When set to RELEVANT_ONLY, this will have similar behavior to SecAuditEngine RelevantOnly.
ALWAYS
2
Always generate an audit log entry (as long as the filter is not disabled).
AuditLogging.AuditLogLocation
Name
Number
Description
FILTER_STATE
0
Add the audit log to the filter state. it will be under the key “io.solo.modsecurity.audit_log”. You can use this formatter in the access log: %FILTER_STATE(io.solo.modsecurity.audit_log)%
DYNAMIC_METADATA
1
Add the audit log to the dynamic metadata. it will be under the filter name “io.solo.filters.http.modsecurity”. with “audit_log” as the key. You can use this formatter in the access log: %DYNAMIC_METADATA(io.solo.filters.http.modsecurity:audit_log)%
