From bd991ed2a6eb9cff4d0144131413eebadb5959ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20W=C3=B6hrl?= Date: Sat, 14 Oct 2023 11:30:08 +0200 Subject: [PATCH] add readme --- README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bf6b3b7..65dfe28 100644 --- a/README.md +++ b/README.md @@ -25,8 +25,10 @@ Targets: ``` ### Building requirements + Building the filter requires: -- [Go](https://go.dev/doc/install) + +- [Go](https://go.dev/doc/install) - [TinyGo](https://tinygo.org/getting-started/install/) Up to date required versions can be found looking at [`minGoVersion` and `tinygoMinorVersion` variables](./magefiles/magefile.go). @@ -39,6 +41,22 @@ go run mage.go build You will find the WASM plugin under `./build/main.wasm`. +### Building with `geoipLookup` Support + +1. **Provide Database File**: Ensure you have a GeoIP2 ([oschwald/geoip2-golang](https://github.com/oschwald/geoip2-golang)) compatible database. Place this file with the name `geoip.mmdb` in the project's root folder. + +2. **Choose Database Preference:** Depending on the type of the database you desire, set the `GEOIP` environment variable to either of the following: + + - For city-level database: `GEOIP=CITY` + - For country-level database: `GEOIP=COUNTRY` + +3. **Build the Project:** With the appropriate `GEOIP` variable set, proceed to build the project. + + ```bash + export GEOIP=CITY + go run mage.go build + ``` + ### Multiphase By default, coraza-proxy-wasm runs with multiphase evaluation enabled (See [coraza.rule.multiphase_evaluation](.magefiles/magefile.go) build tag). It enables the evaluation of rule variables in the phases that they are ready for, potentially anticipating the phase the rule is defined for. This feature suits coraza-proxy-wasm, and specifically Envoy request lifecycle, aiming to inspect data that has been received so far as soon as possible. It leads to enforce actions the earliest possible, avoiding WAF bypasses. This functionality, in conjunction with the [early blocking CRS feature](#recommendations-using-crs-with-proxy-wasm), permits to effectively raise the anomaly score and eventually drop the request at the earliest possible phase.