waf.proto

Package: envoy.config.filter.http.modsecurity.v2

Types:

Source File: github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto

AuditLogging

"action": .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction
"location": .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation

Field Type Description Default
action .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogAction
location .envoy.config.filter.http.modsecurity.v2.AuditLogging.AuditLogLocation

AuditLogAction

Name Description
NEVER Never generate audit logs.
RELEVANT_ONLY When set to RELEVANT_ONLY, this will have similar behavior to SecAuditEngine RelevantOnly.
ALWAYS Always generate an audit log entry (as long as the filter is not disabled).

AuditLogLocation

Name Description
FILTER_STATE Add the audit log to the filter state. it will be under the key “io.solo.modsecurity.audit_log”. You can use this formatter in the access log: %FILTER_STATE(io.solo.modsecurity.audit_log)%
DYNAMIC_METADATA Add the audit log to the dynamic metadata. it will be under the filter name “io.solo.filters.http.modsecurity”. with “audit_log” as the key. You can use this formatter in the access log: %DYNAMIC_METADATA(“io.solo.filters.http.modsecurity:audit_log”)%

ModSecurity

"disabled": bool
"ruleSets": []envoy.config.filter.http.modsecurity.v2.RuleSet
"customInterventionMessage": string
"auditLogging": .envoy.config.filter.http.modsecurity.v2.AuditLogging
"regressionLogs": bool

Field Type Description Default
disabled bool Disable all rules on the current route.
ruleSets []envoy.config.filter.http.modsecurity.v2.RuleSet Global rule sets for the current http connection manager.
customInterventionMessage string Custom message to display when an intervention occurs.
auditLogging .envoy.config.filter.http.modsecurity.v2.AuditLogging This instructs the filter what to do with the transaction’s audit log.
regressionLogs bool log in a format suited for the OWASP regression tests. this format is a multiline log format, so it is disabled for regular use. do not enable this in production!.

RuleSet

"ruleStr": string
"files": []string
"directory": string

Field Type Description Default
ruleStr string String of rules which are added directly.
files []string Array of files to include.
directory string A directory to include. all *.conf files in this directory will be included. sub directories will NOT be checked.

ModSecurityPerRoute

"disabled": bool
"ruleSets": []envoy.config.filter.http.modsecurity.v2.RuleSet
"customInterventionMessage": string
"auditLogging": .envoy.config.filter.http.modsecurity.v2.AuditLogging

Field Type Description Default
disabled bool Disable all rules on the current route.
ruleSets []envoy.config.filter.http.modsecurity.v2.RuleSet Overwrite the global rules on this route.
customInterventionMessage string Custom message to display when an intervention occurs.
auditLogging .envoy.config.filter.http.modsecurity.v2.AuditLogging This instructs the filter what to do with the transaction’s audit log.