modsecurity.proto

Package: envoy.config.filter.http.modsecurity.v2


AuditLogging

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| action | envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction | | |
| location | envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation | | |

ModSecurity

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| disabled | bool | | Disable all rules on the current route |
| ruleSets | []envoy.config.filter.http.modsecurity.v2.RuleSet | repeated | Global rule sets for the current HTTP connection manager |
| customInterventionMessage | string | | Custom message to display when an intervention occurs |
| auditLogging | envoy.config.filter.http.modsecurity.v2.AuditLogging | | This instructs the filter what to do with the transaction's audit log. |
| requestHeadersOnly | bool | | If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve performance. |
| responseHeadersOnly | bool | | |
| regressionLogs | bool | | Log in a format suited for the OWASP regression tests. This format is a multiline log format, so it is disabled for regular use. Do not enable this in production! |

ModSecurityPerRoute

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| disabled | bool | | Disable all rules on the current route |
| ruleSets | []envoy.config.filter.http.modsecurity.v2.RuleSet | repeated | Overwrite the global rules on this route |
| customInterventionMessage | string | | Custom message to display when an intervention occurs |
| auditLogging | envoy.config.filter.http.modsecurity.v2.AuditLogging | | This instructs the filter what to do with the transaction's audit log. |
| requestHeadersOnly | bool | | If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve performance. |
| responseHeadersOnly | bool | | |

RuleSet

| Field | Type | Label | Description |
| --- | --- | --- | --- |
| ruleStr | string | | String of rules which are added directly |
| files | []string | repeated | Array of files to include |
| directory | string | | A directory to include. All *.conf files in this directory will be included. Subdirectories will NOT be checked. |

AuditLogging.AuditLogAction

| Name | Number | Description |
| --- | --- | --- |
| NEVER | 0 | Never generate audit logs. |
| RELEVANT_ONLY | 1 | When set to RELEVANT_ONLY, this will have similar behavior to SecAuditEngine RelevantOnly. |
| ALWAYS | 2 | Always generate an audit log entry (as long as the filter is not disabled). |

AuditLogging.AuditLogLocation

| Name | Number | Description |
| --- | --- | --- |
| FILTER_STATE | 0 | Add the audit log to the filter state. It will be under the key "io.solo.modsecurity.audit_log". You can use this formatter in the access log: %FILTER_STATE(io.solo.modsecurity.audit_log)% |
| DYNAMIC_METADATA | 1 | Add the audit log to the dynamic metadata. It will be under the filter name "io.solo.filters.http.modsecurity", with "audit_log" as the key. You can use this formatter in the access log: %DYNAMIC_METADATA(io.solo.filters.http.modsecurity:audit_log)% |
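
An added example (not from the original page or the project) showing how the fields above fit together: one rule set, audit logging limited to relevant transactions, and an access log line that reads the audit log back from dynamic metadata. The placement inside Envoy's HTTP connection manager, the "@type" URLs, the log path and the rule text are assumptions; field names, enum values, the filter name and the formatter come from the tables above.

```yaml
# Fragment of an HTTP connection manager config (assumed placement; other
# filters, including the router, are omitted).
http_filters:
- name: io.solo.filters.http.modsecurity      # filter name given on this page
  typed_config:
    # Assumed type URL, built from the package and message name on this page.
    "@type": type.googleapis.com/envoy.config.filter.http.modsecurity.v2.ModSecurity
    ruleSets:
    - ruleStr: |
        # Constructed sample rules: enable the engine, deny one header value.
        SecRuleEngine On
        SecRule REQUEST_HEADERS:X-Sample "@streq blocked" "id:100001,phase:1,deny,status:403,log,auditlog,msg:'constructed sample rule'"
    customInterventionMessage: "Request blocked by WAF"
    requestHeadersOnly: false       # keep feeding request bodies to ModSecurity
    regressionLogs: false           # multiline test format, not for production
    auditLogging:
      action: RELEVANT_ONLY         # similar to SecAuditEngine RelevantOnly
      location: DYNAMIC_METADATA    # stored under the filter name, key "audit_log"

access_log:
- name: envoy.access_loggers.file   # assumed: Envoy's standard file access logger
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
    path: /dev/stdout               # assumed destination
    log_format:
      text_format_source:
        # With location FILTER_STATE, use
        # %FILTER_STATE(io.solo.modsecurity.audit_log)% instead.
        inline_string: "%START_TIME% %RESPONSE_CODE% waf_audit=%DYNAMIC_METADATA(io.solo.filters.http.modsecurity:audit_log)%\n"
```

The formatter must match the configured location: an audit log written to dynamic metadata is not visible through %FILTER_STATE(...)%, and vice versa.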