Add AppSec integration #57

Merged
merged 11 commits into from
Dec 4, 2024

hslatman
Owner

No description provided.

@hslatman hslatman changed the title Add foundation for AppSec integration Add AppSec integration Nov 15, 2024
@hslatman hslatman linked an issue Nov 15, 2024 that may be closed by this pull request
@Simbiat

Simbiat commented Nov 18, 2024

this will probably require some update to documentation, too. At least I'd expect it to require some extra setup, that should be documented.

@hslatman
Owner Author

hslatman commented Nov 18, 2024

> this will probably require some update to documentation, too. At least I'd expect it to require some extra setup, that should be documented.

Absolutely. I've already prepared something in e50ba57.

Main changes are addition of the appsec_url in the global crowdsec configuration (because the AppSec component is served separately in CrowdSec), and the new appsec HTTP handler directive. I've chosen to make it a totally separate HTTP handler, because that would keep things simple, while remaining flexible, i.e. enabling just the (current) Bouncer decisions, just the new AppSec behavior or both. In terms of performance the Bouncer check will always be quicker, so it's advised to order the HTTP handlers with crowdsec first, and then appsec.

In addition to that I've removed the (full) JSON configuration, because support for the layer4 connection matcher was added recently too.

@hslatman hslatman marked this pull request as ready for review December 4, 2024 22:37

This commit ensures that responses from the CrowdSec `AppSec`
remediation component are properly evaluated and acted upon.

The `AppSec` support can be enabled either as a dedicated handler
by configuring a route to have the `appsec` directive. That will
use the `http.handlers.appsec` module. It also enables `AppSec`
checks on the HTTP handler configured through the `crowdsec`
directive using the `http.handlers.crowdsec` module by default.

In a future commit `AppSec` support will be enabled based on
configuration on the `http.handlers.crowdsec` component.

This commit explicitly sets the content length of the request, so
that CrowdSec actually reads the request body, instead of skipping
it. Two new tests that involve an HTTP request body have been added
as integration tests.
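
The commit message above says the content length is set explicitly so that CrowdSec reads the request body. The following Go program is an added example, not code from this pull request: it shows what a receiver sees when an outbound body of opaque reader type is forwarded with and without an explicit length. `forward`, `asReceived` and the URL are hypothetical names, and tying the skipped body to chunked framing is an assumption.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"net/http"
)

// Placeholder for the configured appsec_url (assumption, not from the PR).
const appsecURL = "http://127.0.0.1:7422/"

// forward builds the outbound request from an inbound body of opaque type.
func forward(inbound io.ReadCloser, setLength bool) (*http.Request, error) {
	if !setLength {
		// NewRequest infers a length only for *bytes.Buffer, *bytes.Reader and
		// *strings.Reader; for any other reader ContentLength stays 0 (unknown).
		return http.NewRequest(http.MethodPost, appsecURL, inbound)
	}
	data, err := io.ReadAll(inbound) // buffer the body so its size is known
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodPost, appsecURL, io.NopCloser(bytes.NewReader(data)))
	if err == nil {
		req.ContentLength = int64(len(data)) // emitted as a Content-Length header
	}
	return req, err
}

// asReceived writes req in HTTP/1.1 wire format and parses it back as a server would.
func asReceived(req *http.Request) (int64, []string, error) {
	var wire bytes.Buffer
	if err := req.Write(&wire); err != nil {
		return 0, nil, err
	}
	got, err := http.ReadRequest(bufio.NewReader(&wire))
	if err != nil {
		return 0, nil, err
	}
	return got.ContentLength, got.TransferEncoding, nil
}

func main() {
	for _, set := range []bool{false, true} {
		req, _ := forward(io.NopCloser(bytes.NewBufferString("constructed=body")), set)
		n, te, _ := asReceived(req)
		fmt.Printf("explicit=%v Content-Length=%d Transfer-Encoding=%v\n", set, n, te)
	}
}
```

Without the explicit length the request goes out chunked and the receiver reports a content length of -1, so a receiver that gates body inspection on Content-Length has nothing to go on.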
@hslatman hslatman merged commit 982ac18 into main Dec 4, 2024
2 checks passed
@hslatman hslatman deleted the appsec branch December 4, 2024 23:17
Successfully merging this pull request may close these issues.

[Feature] AppSec Integration