On 12/04/2017 at 10:49, Christopher Faulet wrote:
On 11/04/2017 at 10:49, Thierry Fournier wrote:
Hi list
I join one usage of HAProxy / SPOE, it is WAF offloading.
These patches are a first version, it has some limitations described
in the README file in the directory contrib/modsecurity.
- Christopher, please check the patch "BUG/MINOR", it is about spoe
functions.
- The example of ModSecurity compilation can be improved. It is based
on my local distro.
Feedback is welcome.
Hi Thierry,
Really nice! I'll take a look at it soon. Glad to see the first service
that uses the SPOE! Good job.
Hi Thierry,
I finally took the time to review your patches, mainly the second one,
about the sample fetch. I think it would be a pity to introduce such a
complex sample fetch. All parts, except the HTTP headers, are already
available in dedicated sample fetches. It could be better to only add a
sample fetch to get HTTP headers (req.hdrs and res.hdrs, something like
that). Because a sample fetch cannot return a list, we can probably
encode it into a binary buffer using a \0 as separator. Something like:
<num-of-headers><header-name>\0<header-value>\0<header-name>\0<header-value>\0...
This way, the sample fetch does not depend on the SPOE and can be used
in another context. And concerning your SPOA, this will be quite easy to
parse it.
About the SPOA, it seems to be ok. The server part is based on the SPOA
example so it should be ok (or you can blame me for all bugs :) For the
mod_security part, I blindly trust you.
--
Christopher Faulet
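
Added example, not part of the original mail or of the HAProxy sources: a bounds-checked decoder an agent could use for the `<num-of-headers><header-name>\0<header-value>\0...` layout suggested above. The names `struct hdr`, `next_str`, `parse_hdrs` and `sample_hdrs` are hypothetical, and the one-byte width of `<num-of-headers>` is an assumption, since the mail does not specify it.

```c
#include <stddef.h>
#include <string.h>

/* One decoded header; both pointers reference the input buffer. */
struct hdr { const char *name; const char *value; };

/* Constructed sample: 2 headers; the literal's implicit NUL ends the last value. */
const unsigned char sample_hdrs[] = "\x02" "Host\0example.test\0" "Accept\0*/*";

/* Return the NUL-terminated string starting at *pos and advance *pos past
 * its terminator, or return NULL if no NUL is found before 'end'. */
static const char *next_str(const unsigned char **pos, const unsigned char *end)
{
    const unsigned char *s = *pos;
    const unsigned char *nul = memchr(s, '\0', (size_t)(end - s));

    if (nul == NULL)
        return NULL;
    *pos = nul + 1;
    return (const char *)s;
}

/* Decode <num-of-headers><name>\0<value>\0... from buf[0..len).
 * ASSUMPTION: <num-of-headers> is a single unsigned byte.
 * Returns the header count, or -1 if the buffer is truncated, carries
 * trailing bytes, or announces more than 'max' headers. */
int parse_hdrs(const unsigned char *buf, size_t len, struct hdr *out, size_t max)
{
    const unsigned char *pos, *end;
    size_t i, count;

    if (buf == NULL || len < 1)
        return -1;
    count = buf[0];
    if (count > max)
        return -1;
    pos = buf + 1;
    end = buf + len;
    for (i = 0; i < count; i++) {
        out[i].name = next_str(&pos, end);
        if (out[i].name == NULL)
            return -1;
        out[i].value = next_str(&pos, end);
        if (out[i].value == NULL)
            return -1;
    }
    return pos == end ? (int)count : -1;
}
```

Because the format carries no per-field length, every string is located with `memchr` bounded by the buffer end, so a missing terminator is rejected instead of read past.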