Skip to content

Commit

Permalink
enforces prefix, comments in recommended confs
Browse files Browse the repository at this point in the history
  • Loading branch information
M4tteoP committed Jul 8, 2024
1 parent 9cb6fd0 commit ec56bc5
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 10 deletions.
3 changes: 1 addition & 2 deletions example/envoy/envoy-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,8 +60,7 @@ static_resources:
"SecDefaultAction \"phase:3,log,auditlog,pass\"",
"SecDefaultAction \"phase:4,log,auditlog,pass\"",
"SecDefaultAction \"phase:5,log,auditlog,pass\"",
"SecAuditLog /dev/stdout",
"SecAuditLogFormat JSON",
"SecAuditEngine On",
"SecDebugLogLevel 3",
"Include @owasp_crs/*.conf",
"SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\" \nSecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\" \nSecRule RESPONSE_HEADERS::status \"@rx 406\" \"id:103,phase:3,t:lowercase,deny\" \nSecRule RESPONSE_BODY \"@contains responsebodycode\" \"id:104,phase:4,t:lowercase,deny\""
Expand Down
12 changes: 5 additions & 7 deletions internal/auditlog/serial_writer.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,10 @@ import (
"github.com/tetratelabs/proxy-wasm-go-sdk/proxywasm"
)

// Coraza does not come with a built-in audit log writer for Wasm
// See https://github.com/corazawaf/coraza/blob/main/internal/auditlog/init_tinygo.go
// This function overrides the default "Serial" audit log writer in order to print audit logs
// to the proxy-wasm log as info messages.
// This function overrides the default "Serial" audit log writer (see https://github.com/corazawaf/coraza/blob/main/internal/auditlog/init_tinygo.go)
// in order to print audit logs to the proxy-wasm log as info messages with a prefix to differentiate them from other logs.
func RegisterWasmSerialWriter() {
plugins.RegisterAuditLogWriter("serialNotUsed", func() plugintypes.AuditLogWriter {
plugins.RegisterAuditLogWriter("serial", func() plugintypes.AuditLogWriter {
return &wasmSerial{}
})
}
Expand Down Expand Up @@ -44,8 +42,8 @@ func (s *wasmSerial) Write(al plugintypes.AuditLog) error {
if len(bts) == 0 {
return nil
}

proxywasm.LogInfo(string(bts))
// Print the audit log to the proxy-wasm log as an info message adding an "AuditLog:" prefix.
proxywasm.LogInfo("AuditLog:" + string(bts))
return nil
}

Expand Down
3 changes: 2 additions & 1 deletion wasmplugin/rules/coraza-demo.conf
Original file line number Diff line number Diff line change
Expand Up @@ -230,11 +230,12 @@ SecAuditLogParts ABIJDEFHZ
# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only occasionally.
#
# Because of proxy-wasm limitations, audit logs can only be written to stdout
# which end up in the proxy logs.
SecAuditLogType Serial
SecAuditLog /dev/stdout
SecAuditLogFormat JSON


# -- Miscellaneous -----------------------------------------------------------

# Use the most commonly used application/x-www-form-urlencoded parameter
Expand Down
2 changes: 2 additions & 0 deletions wasmplugin/rules/coraza.conf-recommended.conf
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,8 @@ SecAuditLogParts ABIJDEFHZ
# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only occasionally.
#
# Because of proxy-wasm limitations, audit logs can only be written to stdout
# which end up in the proxy logs.
SecAuditLogType Serial
SecAuditLog /dev/stdout
SecAuditLogFormat JSON
Expand Down

0 comments on commit ec56bc5

Please sign in to comment.