traefik-modsecurity-plugin
traefik-modsecurity-plugin copied to clipboard
return 403 for blocked request
Hi, thanks for your work, it's working great. I'm just curious why blocked requests get a response with the code 200. Only the body tells you, that the request resulted in a 403. I would expect that a blocked request gets a 403-response. Is this a design choice or are there technical difficulties in bypassing the http code?
current state:
$ http get "http://localhost:8000/website?path=../etc"
... 200 OK ...
expectation:
$ http get "http://localhost:8000/website?path=../etc"
... 403 forbidden ...
Thanks:) Lukas
Hi, I have some more information to this issue. I tried to install this plugin locally, without traefik-pilot(see: https://traefik.io/blog/using-private-plugins-in-traefik-proxy-2-5/). And now it's working as expected. The response status_code is 403 for blocked requests.
problematic config(returns 200 for blocked requests):
- --pilot.token=XXX
- --experimental.plugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin
- --experimental.plugins.traefik-modsecurity-plugin.version=v1.0.1
working config(returns 403 for blocked requests):
I've mounted your repository to /plugins-local/src/github.com/acouvreur/traefik-modsecurity-plugin
inside the container and changed the command-part inside docker-compose.yml:
- --experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin
My plan was anyway to use local plugins, so for me it's not a problem anymore.