traefik-modsecurity-plugin
traefik-modsecurity-plugin copied to clipboard
acouvreur
Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container
Hello there, I am not sure if this or main plugin is correct place to ask about it but as Authelia is more of docker/traefik thing I will ask here....
Hello, traefik threw this error: ``` level=error msg="plugins-storage/sources/gop-310462375/src/github.com/acouvreur/traefik-modsecurity-plugin/modsecurity.go:56:5: panic" plugin=plugin-traefik-modsecurity-plugin module=github.com/acouvreur/traefik-modsecurity-plugin ``` Unfortunately I don't have much more information as I don't have any traefik logs enabled at the moment..
I'm not sure if the plugin is causing this, or if it's the owasp container. That's why I opened the same issue on the owasp container: https://github.com/coreruleset/modsecurity-crs-docker/issues/85 I have a...
Hi, thanks for your work, it's working great. I'm just curious why blocked requests get a response with the code 200. Only the body tells you, that the request resulted...
Benchmark using https://github.com/codesenberg/bombardier **Traefik access without WAF** ``` bombardier http://localhost:8000/no-waf Bombarding http://localhost:8000/no-waf for 10s using 125 connection(s) [===============================================================================================================] 10s Done! Statistics Avg Stdev Max Reqs/sec 14430.33 1895.67 17523.04 Latency 8.66ms...
I see that the middleware is ignoring websocket requests here: https://github.com/acouvreur/traefik-modsecurity-plugin/blob/19cdb477b8cee1966ad95278d168ae90a93df663/modsecurity.go#L56 Why is that? A request for WebSocket is actually a valid HTTP request, which may contains spurious/malicious data. Also,...
Hi, We recently added this plugin to our services and had no issues until we tried to upload a large file, upon which we were getting the error `body max...
I'm have read the doc from this project and https://github.com/coreruleset/modsecurity-crs-docker/tree/master Everything works but as son as I enable the modsecurity middleware I get a blank page. Any idea what I'm...
In your compose, reference to Whoami is outdated since 3 years :p Please update to: traefik/whoami I'm also testing these settings to modsecurity-crs to help speedup things: environment: PARANOIA: 1...
Hello when I try to save my keepass database with the waf middleware in traefik it fails. I'm getting an error. If I disable the middleware it's ok. Can you...
