apisix-ingress-controller icon indicating copy to clipboard operation
apisix-ingress-controller copied to clipboard

Published 20 hours ago verified publisher icon apache

request help: auditlog not working in apisix with coraza-filter

Open donghuuhieu137 opened this issue 1 year ago • 3 comments

Issue description

I am using Openshift version 4.13, I deployed apisix using HelmChart apisix and added coroza-filter plugin, below is the route configuration:

{
  "uri": "/anything",
  "name": "test",
  "methods": [
    "GET",
    "POST",
    "PUT",
    "DELETE",
    "PATCH",
    "HEAD",
    "OPTIONS",
    "CONNECT",
    "TRACE",
    "PURGE"
  ],
  "plugins": {
    "coraza-filter": {
      "_meta": {
        "disable": false
      },
      "conf": {
        "default_directives": "default",
        "directives_map": {
          "default": [
            "SecRuleEngine On",
            "SecRule REQUEST_HEADERS:Content-Type \"(?:application(?:/soap\\+|/)|text/)xml\" \"id:'200000',phase:1,t:none,t:lowercase,pass,ctl:requestBodyProcessor=XML\"",
            "Include @crs-setup-demo-conf",
            "SecAuditEngine On",
            "SecAuditLogType Serial",
            "SecAuditLog /usr/local/apisix/logs/audit.log",
            "SecAuditLogParts ABCFGHIJKZ"
          ]
        }
      }
    }
  },
  "upstream": {
    "nodes": [
      {
        "host": "httpbin.org",
        "port": 80,
        "weight": 1
      }
    ],
    "timeout": {
      "connect": 6,
      "send": 6,
      "read": 6
    },
    "type": "roundrobin",
    "scheme": "http",
    "pass_host": "pass",
    "keepalive_pool": {
      "idle_timeout": 60,
      "requests": 1000,
      "size": 320
    }
  },
  "status": 1
}

When I call the request:

curl -H "Content-Type: text/xml" http://xxx.xxx.xxx.xxx:31680/anything -i

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 425
Connection: keep-alive
Date: Wed, 29 Nov 2023 09:34:58 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Server: APISIX/3.7.0

{
  "args": {}, 
  "data": "", 
  "files": {}, 
  "form": {}, 
  "headers": {
    "Accept": "*/*", 
    "Content-Type": "text/xml", 
    "Host": "", 
    "User-Agent": "curl/8.1.2", 
    "X-Amzn-Trace-Id": "Root=1-656705c2-3508cb3774c4398c105dc56d", 
    "X-Forwarded-Host": "xxx.xxx.xxx.xxx"
  }, 
  "json": null, 
  "method": "GET", 
  "origin": "xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx", 
  "url": "http://xxx.xxx.xxx.xxx/anything"
}```

But when I cat file /usr/local/apisix/logs/audit.log , there's no logs found, I checked log in pod but no log show that auditlog is written

What could be the problem ?

### Environment

- your apisix-ingress-controller version (output of apisix-ingress-controller version --long):
- your Kubernetes cluster version (output of kubectl version): 
- if you run apisix-ingress-controller in Bare-metal environment, also show your OS version (uname -a): apisix 3.7

donghuuhieu137 avatar Nov 29 '23 10:11 donghuuhieu137

Do you have a wasm plugin in your container

DokiDoki1103 avatar Nov 30 '23 03:11 DokiDoki1103

Do you have a wasm plugin in your container

yes, I added wasm configuration in /usr/local/apisix/conf/config.yaml

wasm:
  plugins:
    - name: coraza-filter
      priority: 7999
      file: /plugins/coraza-proxy-wasm.wasm

I tested coraza-filter rule and it worked ok, as well as file-log plugin

donghuuhieu137 avatar Nov 30 '23 03:11 donghuuhieu137

This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the [email protected] list. Thank you for your contributions.

github-actions[bot] avatar Feb 29 '24 01:02 github-actions[bot]

This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.

github-actions[bot] avatar Mar 31 '24 01:03 github-actions[bot]