Le 15/02/2017 à 02:43, Aleksandar Lazic a écrit :
Due to the fact that I like this SPOE I have started to write about it
Is the concept displayed correct in the picture?
Are the data (tcp, http-header, http-body) quoted when HAProxy send it
to the SPOEA?
I'm interested to create a spoea for https://modsecurity.org/ do anyone
else see a need for this?
Nice to see someone interested by the SPOE and by implementing a service
using it. Your picture is correct.
The protocol used to communicate with agents (the SPOP) is a binary
protocol. So data are not quoted.
About the modsecurity, it is definitely a good candidate for a SPOA.
Note that for now, it is not possible to send all the HTTP request
(Header + Body). With the option "http-buffer-request", you could handle
simple/small requests. But it will not work for chunked or too big payloads.
For now, I'm working on SPOE improvements. The current version is an
"experimental" version with many flaws and limited features. But the
payload filtering is definitely on the roadmap (without deadline
however). This requires changes in the HTTP parser, so it is a bit
tricky. And new sample fetches need to be added. So there is still a lot
of work before you can implement a fully functional WAF. But I'm on it
and all help/suggestion/remarks are welcome :)