Hi list, I’m trying to filter SPOE events using an ACL, no success atm.
This is the relevant part of my configuration:
=== /etc/haproxy/haproxy.cfg ===
frontend bar
    ...
    filter spoe engine modsecurity config /etc/haproxy/spoe-modsecurity.conf
    http-request deny if { var(txn.modsec.code) -m int gt 0 }
    ...

backend spoe-modsecurity
    mode tcp
    server modsec-spoa1 127.0.0.1:12345

=== /etc/haproxy/spoe-modsecurity.conf ===
[modsecurity]

spoe-agent modsecurity-agent
    messages check-request
    option var-prefix modsec
    timeout hello 100ms
    timeout idle 30s
    timeout processing 1s
    use-backend spoe-modsecurity

spoe-message check-request
    acl host_my.domain req.hdr(host) my.domain
    args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
    event on-frontend-http-request if host_my.domain
There is no difference whether I use an ACL like in the example above, use the `if {...}` syntax, or remove the ACL altogether: my modsecurity agent always receives a new connection regardless of the host I’m using.
Is there a way to use an SPOE filter only if some L7 conditions match?
~jm