On Thu, Sep 9, 2021 at 12:22 AM Christopher Faulet <[email protected]> wrote:
> Le 8/11/21 à 2:53 AM, Ryan Burn a écrit : > > I'm working on integrating HAProxy with traceable.ai < > http://traceable.ai>'s > > security product. > > > > As part of the integration, we'd like to capture the contents of any > http > > responses processed by HAProxy and send them to a service either via > SPOA or an > > RPC call from Lua. The response contents are used by the product to help > > identify possible security threats. > > > > I've tried a few things, but haven't found a reliable way to capture the > > contents of response bodies. Is this possible with HAProxy? > > > > Here are the approaches I've explored so far: > > > > 1. I used the "res.body" fetch but that only provides the contents > sometimes (I > > presume if it's available in a buffer): > > > https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/extcap.conf#L19 > > < > https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/extcap.conf#L19 > > > > > > 2. I also tried accessing the contents of the response channel from a > Lua > > action, but that fails with "Cannot manipulate HAProxy channels in HTTP > mode" > > > https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/response.lua#L5 > > < > https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/response.lua#L5 > > > > > About the sample fetches, on HAProxy 2.3 and lower, there is no way to get > the > response payload because it is not possible to wait for it. There is no > equivalent to the "http-buffer-request" option on the response side. On > HAProxy-2.4, it is possible by using "wait-for-body" HTTP rule, available > on the > request and the response side. However, it is still limited by the buffer > size. > Thanks Christopher! Do you know how to access the response body from a SPOA if you add the "wait-for-body"? I added the wait-for-proxy rules to my example project, but the "res.body" argument still doesn't consistently provide the full body. https://github.com/rnburn/haproxy-extcap/blob/master/test/docker/haproxy.cfg#L15-L16
