csp-server

CSP (Content Security Policy) reports server which forwards reports to Elasticsearch.

CSP Server and Elasticsearch Feeder

CSP violation report endpoint using Elasticsearch as storage. Basically a https://report-uri.io/ alternative.

It is a Node.js application designed to receive CSP (Content Security Policy) reports and inject them into Elasticsearch for analysis.

  • The Node application uses the http://restify.com/ framework
  • The application has been tested in Ubuntu 14.04 LTS and 16.04 LTS (both 64-bit).

Components

  • bash : (optional) Scripts to rotate old indexes (indices) in Elasticsearch
  • example : (optional) Example of a CSP Report this server is meant to receive
  • infrastructure : (optional) Scripts to create the server and services using AWS PowerShell CLI
  • nginx : Configuration file for Nginx
  • nodejs : Node.js application that gets the CSP Reports and sends them to Elasticsearch

Infrastructure

This project was implemented and tested using Amazon AWS services in the following way:

AWS EC2 (Linux) running Nginx and Node.js -> AWS Elasticsearch Service

Install

TL;DR

  • Check out this project on your server
      git clone [email protected]:seek-oss/csp-server.git
  • Edit nodejs/config.js and set the Elasticsearch URL, port and version
  • Start the Node.js application with nodejs/server.js
      node ./nodejs/server.js

The Node.js application will then listen on the configured port and process POST requests containing CSP reports. Each POST is sent to Elasticsearch, into indices named cspdata-YYYYMMDD.

Endpoints:

  • POST http://localhost:9000/index - CSP report in JSON format
  • GET http://localhost:9000/_healthcheck - health check
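
The POST endpoint accepts unauthenticated input from any browser, so the report body should be validated before it is indexed. The following is an added example, not code from csp-server: it checks a report and derives the cspdata-YYYYMMDD index name. The function names, size limits, status codes, field allow-list, UTC dating and the standard `csp-report` wrapper key are assumptions.

```javascript
// Added example, not csp-server's code. Limits and the field allow-list are assumptions.
const MAX_BODY_BYTES = 16 * 1024; // assumed cap; browser CSP reports are small
const MAX_FIELD_CHARS = 2048;     // assumed per-field cap
const ALLOWED_FIELDS = ['document-uri', 'referrer', 'blocked-uri', 'violated-directive',
  'effective-directive', 'original-policy', 'disposition', 'status-code',
  'source-file', 'line-number', 'column-number', 'script-sample'];

// Daily index name in the cspdata-YYYYMMDD form; using UTC is an assumption.
function indexNameFor(date) {
  return 'cspdata-' + date.toISOString().slice(0, 10).replace(/-/g, '');
}

// Returns { ok, status, doc? }. The endpoint is unauthenticated, so every part of
// the body is untrusted input.
function parseCspReport(contentType, rawBody) {
  const type = String(contentType || '').split(';')[0].trim().toLowerCase();
  if (type !== 'application/csp-report' && type !== 'application/json') {
    return { ok: false, status: 415 };
  }
  if (typeof rawBody !== 'string' || Buffer.byteLength(rawBody, 'utf8') > MAX_BODY_BYTES) {
    return { ok: false, status: 413 };
  }
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch (e) { return { ok: false, status: 400 }; }
  const report = parsed && parsed['csp-report'];
  if (!report || typeof report !== 'object' || Array.isArray(report)) {
    return { ok: false, status: 400 };
  }
  // Copy only known fields so sender-chosen keys never become Elasticsearch fields.
  const doc = {};
  for (const field of ALLOWED_FIELDS) {
    const value = report[field];
    if (typeof value === 'string') doc[field] = value.slice(0, MAX_FIELD_CHARS);
    else if (Number.isInteger(value)) doc[field] = value;
  }
  if (!doc['document-uri'] || !(doc['violated-directive'] || doc['effective-directive'])) {
    return { ok: false, status: 400 };
  }
  return { ok: true, status: 204, doc };
}

// Constructed sample report (not taken from the project's example directory).
const sampleBody = JSON.stringify({ 'csp-report': {
  'document-uri': 'https://app.example/checkout', 'blocked-uri': 'https://cdn.example/x.js',
  'violated-directive': 'script-src', 'status-code': 200, 'injected': { a: 1 } } });
const result = parseCspReport('application/csp-report', sampleBody);
console.log(indexNameFor(new Date(Date.UTC(2017, 0, 5))), result.status, result.doc);
```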

For details on how to configure a server to support HTTPS (SSL) using Nginx, run Node as a service using the PM2 manager, rotate logs and set up Elasticsearch in AWS, continue reading:

1. Create infrastructure

In this project we create the AWS resources using AWS CLI.

  • EC2 in AWS running Ubuntu - Instructions here: infrastructure
  • Elasticsearch in AWS - Instructions here: infrastructure

2. Configure server

  • Install Nginx - Instructions here: nginx

  • Install Node - Instructions here: nodejs

  • Configure Elasticsearch - Instructions here: elasticsearch

  • Configure rotation scripts - Instructions here: bash

3. Get the CSP reports

Get your customers to start sending CSP reports to your server.

README2.md

Screenshots