Le 15/02/2017 à 02:43, Aleksandar Lazic a écrit :

Due to the fact that I like this SPOE I have started to write about it


Is the concept displayed correct in the picture?
Are the data (tcp, http-header, http-body) quoted when HAProxy send it
to the SPOEA?

I'm interested to create a spoea for https://modsecurity.org/ do anyone
else see a need for this?

Hi Aleks,

Nice to see someone interested by the SPOE and by implementing a service using it. Your picture is correct.

The protocol used to communicate with agents (the SPOP) is a binary protocol. So data are not quoted.

About the modsecurity, it is definitely a good candidate for a SPOA. Note that for now, it is not possible to send all the HTTP request (Header + Body). With the option "http-buffer-request", you could handle simple/small requests. But it will not work for chunked or too big payloads.

For now, I'm working on SPOE improvements. The current version is an "experimental" version with many flaws and limited features. But the payload filtering is definitely on the roadmap (without deadline however). This requires changes in the HTTP parser, so it is a bit tricky. And new sample fetches need to be added. So there is still a lot of work before you can implement a fully functional WAF. But I'm on it and all help/suggestion/remarks are welcome :)

Christopher Faulet

Reply via email to