Exports IsRuleEngineOff

http/middleware.go

@@ -89,6 +89,18 @@ func processRequest(tx types.Transaction, req *http.Request) (*types.Interruptio
 		}
 	}
 
+	// Calling tx.RuleEngineStatus() and tx.RequestBodyAccessible() is possible to
+	// anticipate some checks performed inside ProcessRequestBody(), avoiding
+	// to call the latter if no inspections are going to happen.
+	// It is performed here as a matter of example. It is recommended to avoid doing it
+	// if not strictly needed for server/proxy side actions.
+	switch {
+	case tx.RuleEngineStatus() == types.RuleEngineOff:
+		return nil, nil
+	case !tx.RequestBodyAccessible():
+		return tx.Interruption(), nil
+	}
+
 	return tx.ProcessRequestBody()
 }
 

http/middleware_test.go

@@ -43,6 +43,22 @@ func TestProcessRequest(t *testing.T) {
 	}
 }
 
+func TestProcessRequestEngineOff(t *testing.T) {
+	req, _ := http.NewRequest("POST", "https://www.coraza.io/test", strings.NewReader("test=456"))
+	waf := corazawaf.NewWAF()
+	waf.RuleEngine = types.RuleEngineOff
+	tx := waf.NewTransaction()
+	if _, err := processRequest(tx, req); err != nil {
+		t.Fatal(err)
+	}
+	if tx.Variables().RequestMethod().String() != "POST" {
+		t.Fatal("failed to set request from request object")
+	}
+	if err := tx.Close(); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func TestProcessRequestMultipart(t *testing.T) {
 	req, _ := http.NewRequest("POST", "/some", nil)
 	if err := multipartRequest(t, req); err != nil {

internal/corazawaf/transaction.go

@@ -939,12 +939,40 @@ func (tx *Transaction) ProcessLogging() {
 	}
 }
 
+// RuleEngineStatus returns the status of the rule engine for the transaction
+//
+// It is suggested to perform early checks on the status only if the API consumer
+// requires it for specific server/proxy actions (such as avoiding proxy side buffering).
+// Otherwise do not use this method in order to avoid any risk of performing wrong early assumptions.
+//
+// Three values can be returned:
+// types.RuleEngineOn: no early assumptions have to be made at all
+// types.RuleEngineDetectionOnly: it may be possible to assume that no disruptive actions will be performed
+// types.RuleEngineOff: it is safe to assume that no rules will be processed
+//
+// Note that it returns the current status of the engine, later rules may still change it via ctl actions
+func (tx *Transaction) RuleEngineStatus() types.RuleEngineStatus {
+	return tx.RuleEngine
+}
+
 // RequestBodyAccessible will return true if RequestBody access has been enabled by RequestBodyAccess
+//
+// It is suggested to perform early checks only if the API consumer requires them for specific
+// server/proxy actions (such as avoiding proxy side buffering).
+// Otherwise do not use this method in order to avoid any risk of performing wrong early assumptions.
+//
+// Note that it returns the current status, later rules may still change it via ctl actions
 func (tx *Transaction) RequestBodyAccessible() bool {
 	return tx.RequestBodyAccess
 }
 
 // ResponseBodyAccessible will return true if ResponseBody access has been enabled by ResponseBodyAccess
+//
+// It is suggested to perform early checks only if the API consumer requires them for specific
+// server/proxy actions (such as avoiding proxy side buffering).
+// Otherwise do not use this method in order to avoid any risk of performing wrong early assumptions.
+//
+// Note that it returns the current status, later rules may still change it via ctl actions.
 func (tx *Transaction) ResponseBodyAccessible() bool {
 	return tx.ResponseBodyAccess
 }

types/transaction.go

@@ -103,6 +103,9 @@ type Transaction interface {
 	// delivered prior to the execution of this method.
 	ProcessLogging()
 
+	// RuleEngineStatus returns the status of the rule engine for the transaction
+	RuleEngineStatus() RuleEngineStatus
+
 	// RequestBodyAccessible will return true if RequestBody access has been enabled by RequestBodyAccess
 	RequestBodyAccessible() bool