waf.proto

Package: envoy.config.filter.http.modsecurity.v2

Source File: github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto

AuditLogging

"action": .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction
"location": .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| action | .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction | | |
| location | .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation | | |

AuditLogAction

| Name | Description |
| --- | --- |
| NEVER | Never generate audit logs. |
| RELEVANT_ONLY | When set to RELEVANT_ONLY, this will have similar behavior to SecAuditEngine RelevantOnly. |
| ALWAYS | Always generate an audit log entry (as long as the filter is not disabled). |

AuditLogLocation

| Name | Description |
| --- | --- |
| FILTER_STATE | Add the audit log to the filter state. It will be under the key "io.solo.modsecurity.audit_log". You can use this formatter in the access log: %FILTER_STATE(io.solo.modsecurity.audit_log)% |
| DYNAMIC_METADATA | Add the audit log to the dynamic metadata. It will be under the filter name "io.solo.filters.http.modsecurity", with "audit_log" as the key. You can use this formatter in the access log: %DYNAMIC_METADATA("io.solo.filters.http.modsecurity:audit_log")% |

ModSecurity

"disabled": bool
"ruleSets": []envoy.config.filter.http.modsecurity.v2.RuleSet
"customInterventionMessage": string
"auditLogging": .envoy.config.filter.http.modsecurity.v2.AuditLogging
"requestHeadersOnly": bool
"responseHeadersOnly": bool
"regressionLogs": bool

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| disabled | bool | Disable all rules on the current route. | |
| ruleSets | []envoy.config.filter.http.modsecurity.v2.RuleSet | Global rule sets for the current HTTP connection manager. | |
| customInterventionMessage | string | Custom message to display when an intervention occurs. | |
| auditLogging | .envoy.config.filter.http.modsecurity.v2.AuditLogging | This instructs the filter what to do with the transaction's audit log. | |
| requestHeadersOnly | bool | If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve performance. | |
| responseHeadersOnly | bool | | |
| regressionLogs | bool | Log in a format suited for the OWASP regression tests. This format is a multiline log format, so it is disabled for regular use. Do not enable this in production! | |

RuleSet

"ruleStr": string
"files": []string
"directory": string

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| ruleStr | string | String of rules which are added directly. | |
| files | []string | Array of files to include. | |
| directory | string | A directory to include. All *.conf files in this directory will be included. Subdirectories will NOT be checked. | |

ModSecurityPerRoute

"disabled": bool
"ruleSets": []envoy.config.filter.http.modsecurity.v2.RuleSet
"customInterventionMessage": string
"auditLogging": .envoy.config.filter.http.modsecurity.v2.AuditLogging
"requestHeadersOnly": bool
"responseHeadersOnly": bool

| Field | Type | Description | Default |
| --- | --- | --- | --- |
| disabled | bool | Disable all rules on the current route. | |
| ruleSets | []envoy.config.filter.http.modsecurity.v2.RuleSet | Overwrite the global rules on this route. | |
| customInterventionMessage | string | Custom message to display when an intervention occurs. | |
| auditLogging | .envoy.config.filter.http.modsecurity.v2.AuditLogging | This instructs the filter what to do with the transaction's audit log. | |
| requestHeadersOnly | bool | If set, the body will not be buffered and fed to ModSecurity. Only the headers will. This can help improve performance. | |
| responseHeadersOnly | bool | | |
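
An added example (not code from Gloo or from this page): a small Python lint over the JSON form of the ModSecurity and ModSecurityPerRoute messages that flags settings whose documented effect reduces inspection or logging. Field and enum names are the ones documented above; `lint`, `skipped_conf_files`, the finding text and the sample are constructed for illustration, and the directory check assumes the rule directory is readable where the script runs.

```python
import os

def skipped_conf_files(directory):
    """*.conf files in sub directories, which a RuleSet.directory include does not check."""
    top, missed = os.path.abspath(directory), []
    for root, _dirs, files in os.walk(directory):
        if os.path.abspath(root) != top:
            missed += [os.path.join(root, f) for f in files if f.endswith(".conf")]
    return sorted(missed)

def lint(cfg, per_route=False):
    """Return (field, message) findings for one JSON-form config message."""
    out = []
    if cfg.get("disabled"):
        out.append(("disabled", "all rules are disabled on this route"))
    if cfg.get("requestHeadersOnly"):
        out.append(("requestHeadersOnly", "request bodies are not fed to ModSecurity"))
    if cfg.get("regressionLogs"):
        out.append(("regressionLogs", "regression-test log format; not for production"))
    action = (cfg.get("auditLogging") or {}).get("action")
    if action is None:
        out.append(("auditLogging.action", "not set; confirm the effective setting"))
    elif action == "NEVER":
        out.append(("auditLogging.action", "audit logs are never generated"))
    rule_sets = cfg.get("ruleSets") or []
    if per_route and rule_sets:
        out.append(("ruleSets", "overwrites the global rule sets on this route"))
    for i, rs in enumerate(rule_sets):
        if not (rs.get("ruleStr") or rs.get("files") or rs.get("directory")):
            out.append((f"ruleSets[{i}]", "rule set includes no rules"))
        d = rs.get("directory")
        if d and os.path.isdir(d):  # assumes the rule directory is readable here
            for path in skipped_conf_files(d):
                out.append((f"ruleSets[{i}].directory", f"not loaded: {path}"))
    return out

# Constructed sample (not from the page): a per-route override to review.
SAMPLE_ROUTE = {
    "requestHeadersOnly": True,
    "auditLogging": {"action": "NEVER"},
    "ruleSets": [{"ruleStr": "SecRuleEngine On"}, {}],
}

if __name__ == "__main__":
    for field, msg in lint(SAMPLE_ROUTE, per_route=True):
        print(f"{field}: {msg}")
```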