Re: ModSecurity: First integration patches

2017-05-04 Thread Aleksandar Lazic
On Thu, 4 May 2017 08:57:41 +0200, Baptiste wrote: > On Thu, May 4, 2017 at 8:50 AM, Aleksandar Lazic > wrote: > > > Hi. > > > > awesome timing because nginx just released his WAF also ;-). > > > > https://www.nginx.com/blog/modsecurity-waf-released/ > >

Re: ModSecurity: First integration patches

2017-05-04 Thread Baptiste
On Thu, May 4, 2017 at 8:50 AM, Aleksandar Lazic wrote: > Hi. > > awesome timing because nginx just released his WAF also ;-). > > https://www.nginx.com/blog/modsecurity-waf-released/ > > Well, you can't compare a proprietary product with an open source one! And here, we see

Re: ModSecurity: First integration patches

2017-05-04 Thread Aleksandar Lazic
Hi. awesome timing because nginx just released his WAF also ;-). https://www.nginx.com/blog/modsecurity-waf-released/ Now we only need to give Willy the time and chance to work on HTTP/2 to have this feature also in haproxy ;-) Regards Aleks Am Thu, 27 Apr 2017 23:10:15 +0200 schrieb Thierry

Re: ModSecurity: First integration patches

2017-04-27 Thread Thierry Fournier
> On 27 Apr 2017, at 18:53, Aleksandar Lazic wrote: > > Hi Willy. > > On 27-04-2017 12:05, Willy Tarreau wrote: >> Hi Thierry, >> On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: >>> Hi, >>> After a quick private brainstorm, Willy proposed to me a new

Re: ModSecurity: First integration patches

2017-04-27 Thread Aleksandar Lazic
Hi Willy. On 27-04-2017 12:05, Willy Tarreau wrote: Hi Thierry, On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: Hi, After a quick private brainstorm, Willy proposed to me a new binary encoding for the headers. It is useless to give the numbers of headers contained in the

Re: ModSecurity: First integration patches

2017-04-27 Thread Willy Tarreau
Hi Thierry, On Thu, Apr 20, 2017 at 03:05:35PM +0200, Thierry Fournier wrote: > Hi, > > After a quick private brainstorm, Willy proposed to me a new binary encoding > for the headers. It is useless to give the numbers of headers contained in > the block, so the end of headers is marked by an

Re: ModSecurity: First integration patches

2017-04-23 Thread Thierry Fournier
> On 23 Apr 2017, at 15:19, Aleksandar Lazic wrote: > > Hi Thierry > > On 20-04-2017 15:05, Thierry Fournier wrote: >> Hi, >> After a quick private brainstorm, Willy proposed to me a new binary encoding >> for the headers. It is useless to give the numbers of headers

Re: ModSecurity: First integration patches

2017-04-23 Thread Aleksandar Lazic
Hi Thierry On 20-04-2017 15:05, Thierry Fournier wrote: Hi, After a quick private brainstorm, Willy proposed to me a new binary encoding for the headers. It is useless to give the numbers of headers contained in the block, so the end of headers is marked by an empty header (header name

Re: ModSecurity: First integration patches

2017-04-19 Thread Aleksandar Lazic
On 19-04-2017 11:24, Thierry Fournier wrote: On 19 Apr 2017, at 09:16, Aleksandar Lazic wrote: On 19-04-2017 05:51, Willy Tarreau wrote: On Tue, Apr 18, 2017 at 11:55:46PM +0200, Aleksandar Lazic wrote: Why not reuse the upcoming http/2 format. HTTP/2 is *easy* to

Re: ModSecurity: First integration patches

2017-04-19 Thread thierry . fournier
Hi, There is a new lot of patches for the spoa/modsecurity contrib. Thierry On Wed, 19 Apr 2017 11:24:36 +0200 Thierry Fournier wrote: > > > On 19 Apr 2017, at 09:16, Aleksandar Lazic wrote: > > > > > > > > Am 19-04-2017 05:51, schrieb Willy

Re: ModSecurity: First integration patches

2017-04-19 Thread Thierry Fournier
> On 19 Apr 2017, at 09:16, Aleksandar Lazic wrote: > > > > On 19-04-2017 05:51, Willy Tarreau wrote: >> On Tue, Apr 18, 2017 at 11:55:46PM +0200, Aleksandar Lazic wrote: >>> Why not reuse the upcoming http/2 format. >>> HTTP/2 is *easy* to parse and the implementations

Re: ModSecurity: First integration patches

2017-04-19 Thread Aleksandar Lazic
On 19-04-2017 05:51, Willy Tarreau wrote: On Tue, Apr 18, 2017 at 11:55:46PM +0200, Aleksandar Lazic wrote: Why not reuse the upcoming http/2 format. HTTP/2 is *easy* to parse and the implementations of servers are growing? Are you kidding ? I mean you want everyone to have to implement

Re: ModSecurity: First integration patches

2017-04-18 Thread Willy Tarreau
On Tue, Apr 18, 2017 at 11:55:46PM +0200, Aleksandar Lazic wrote: > Why not reuse the upcoming http/2 format. > HTTP/2 is *easy* to parse and the implementations of servers are growing? Are you kidding ? I mean you want everyone to have to implement HPACK etc ? > I know this is still on the todo

Re: ModSecurity: First integration patches

2017-04-18 Thread Aleksandar Lazic
On 18-04-2017 15:10, Willy Tarreau wrote: On Tue, Apr 18, 2017 at 02:59:20PM +0200, Christopher Faulet wrote: On 18/04/2017 at 14:40, Willy Tarreau wrote: > On Tue, Apr 18, 2017 at 12:15:20PM +0200, Christopher Faulet wrote: > > I finally took the time to review your patches, mainly the

Re: ModSecurity: First integration patches

2017-04-18 Thread Willy Tarreau
On Tue, Apr 18, 2017 at 02:59:20PM +0200, Christopher Faulet wrote: > On 18/04/2017 at 14:40, Willy Tarreau wrote: > > On Tue, Apr 18, 2017 at 12:15:20PM +0200, Christopher Faulet wrote: > > > I finally took the time to review your patches, mainly the second one, > > > about > > > the sample

Re: ModSecurity: First integration patches

2017-04-18 Thread Christopher Faulet
On 18/04/2017 at 14:40, Willy Tarreau wrote: On Tue, Apr 18, 2017 at 12:15:20PM +0200, Christopher Faulet wrote: I finally took the time to review your patches, mainly the second one, about the sample fetch. I think it would be a pity to introduce such a complex sample fetch. All parts, except

Re: ModSecurity: First integration patches

2017-04-18 Thread Willy Tarreau
On Tue, Apr 18, 2017 at 12:15:20PM +0200, Christopher Faulet wrote: > I finally took the time to review your patches, mainly the second one, about > the sample fetch. I think it would be a pity to introduce such a complex sample > fetch. All parts, except the HTTP headers, are already available in >

Re: ModSecurity: First integration patches

2017-04-18 Thread Christopher Faulet
On 12/04/2017 at 10:49, Christopher Faulet wrote: On 11/04/2017 at 10:49, Thierry Fournier wrote: Hi list I join one usage of HAProxy / SPOE, it is WAF offloading. These patches are a first version, it has some limitations described in the README file in the directory contrib/modsecurity.

Re: ModSecurity: First integration patches

2017-04-14 Thread Aleksandar Lazic
Hi Willy. On 14-04-2017 11:41, Willy Tarreau wrote: Hi Aleks, On Fri, Apr 14, 2017 at 10:25:56AM +0200, Aleksandar Lazic wrote: Willy can you please commit these patches. I'm fine with this, but I prefer to give some time to Christopher to review this, as Thierry asked. It can take quite

Re: ModSecurity: First integration patches

2017-04-14 Thread Willy Tarreau
Hi Aleks, On Fri, Apr 14, 2017 at 10:25:56AM +0200, Aleksandar Lazic wrote: > Willy can you please commit these patches. I'm fine with this, but I prefer to give some time to Christopher to review this, as Thierry asked. It can take quite some time since the purpose of cutting the development

Re: ModSecurity: First integration patches

2017-04-14 Thread Willy Tarreau
On Thu, Apr 13, 2017 at 01:17:07PM +0200, Christopher Faulet wrote: > The hello-handshake is done only once, when a new connection with a SPOA is > opened. But we can improve the SPOP by adding a new frame type to handle > admin tasks (like graceful stop). This way, for a specific connection, it >

Re: ModSecurity: First integration patches

2017-04-14 Thread Aleksandar Lazic
Hi. On 13-04-2017 02:06, Aleksandar Lazic wrote: On 12-04-2017 23:33, Aleksandar Lazic wrote: On 12-04-2017 21:28, thierry.fourn...@arpalert.org wrote: On Wed, 12 Apr 2017 21:21:58 +0200 Aleksandar Lazic wrote: [snipp] Do you have the patches as files where I

Re: ModSecurity: First integration patches

2017-04-13 Thread Christopher Faulet
On 13/04/2017 at 12:53, Thierry Fournier wrote: On 13 Apr 2017, at 12:28, Willy Tarreau wrote: On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: .) the patches apply only on haproxy 1.8 because some files do not exist on 1.7 ( e. g. include/proto/spoe.h )

Re: ModSecurity: First integration patches

2017-04-13 Thread Thierry Fournier
> On 13 Apr 2017, at 12:28, Willy Tarreau wrote: > > On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: >>> .) the patches apply only on haproxy 1.8 because some files do not exist >>> on 1.7 ( e. g. include/proto/spoe.h ) >> >> >> Ok. I think that SPOE was

Re: ModSecurity: First integration patches

2017-04-13 Thread Willy Tarreau
On Thu, Apr 13, 2017 at 12:21:20PM +0200, Thierry Fournier wrote: > > .) the patches apply only on haproxy 1.8 because some files do not exist > > on 1.7 ( e. g. include/proto/spoe.h ) > > > Ok. I think that SPOE was introduced in 1.7, obviously I'm wrong. No, it was introduced in 1.7 but

Re: ModSecurity: First integration patches

2017-04-13 Thread Thierry Fournier
> On 13 Apr 2017, at 02:06, Aleksandar Lazic wrote: > > > > On 12-04-2017 23:33, Aleksandar Lazic wrote: >> On 12-04-2017 21:28, thierry.fourn...@arpalert.org wrote: >>> On Wed, 12 Apr 2017 21:21:58 +0200 >>> Aleksandar Lazic wrote: > > [snipp] >

Re: ModSecurity: First integration patches

2017-04-12 Thread Aleksandar Lazic
On 12-04-2017 23:33, Aleksandar Lazic wrote: On 12-04-2017 21:28, thierry.fourn...@arpalert.org wrote: On Wed, 12 Apr 2017 21:21:58 +0200 Aleksandar Lazic wrote: [snipp] Do you have the patches as files where I can download it? It's easier for docker to call a

Re: ModSecurity: First integration patches

2017-04-12 Thread Aleksandar Lazic
On 12-04-2017 21:28, thierry.fourn...@arpalert.org wrote: On Wed, 12 Apr 2017 21:21:58 +0200 Aleksandar Lazic wrote: Hi. On 12-04-2017 10:08, Thierry Fournier wrote: >> On 12 Apr 2017, at 09:57, Aleksandar Lazic wrote: >> >> >> >> Am 11-04-2017

Re: ModSecurity: First integration patches

2017-04-12 Thread thierry . fournier
On Wed, 12 Apr 2017 21:21:58 +0200 Aleksandar Lazic wrote: > Hi. > > On 12-04-2017 10:08, Thierry Fournier wrote: > >> On 12 Apr 2017, at 09:57, Aleksandar Lazic wrote: > >> > >> > >> > >> On 11-04-2017 10:49, Thierry Fournier wrote: > >>> Hi list

Re: ModSecurity: First integration patches

2017-04-12 Thread Aleksandar Lazic
Hi. On 12-04-2017 10:08, Thierry Fournier wrote: On 12 Apr 2017, at 09:57, Aleksandar Lazic wrote: On 11-04-2017 10:49, Thierry Fournier wrote: Hi list I join one usage of HAProxy / SPOE, it is WAF offloading. These patches are a first version, it has some

Re: ModSecurity: First integration patches

2017-04-12 Thread Christopher Faulet
On 11/04/2017 at 10:49, Thierry Fournier wrote: Hi list I join one usage of HAProxy / SPOE, it is WAF offloading. These patches are a first version, it has some limitations described in the README file in the directory contrib/modsecurity. - Christopher, please check the patch "BUG/MINOR",

Re: ModSecurity: First integration patches

2017-04-12 Thread Thierry Fournier
> On 12 Apr 2017, at 09:57, Aleksandar Lazic wrote: > > > > On 11-04-2017 10:49, Thierry Fournier wrote: >> Hi list >> I join one usage of HAProxy / SPOE, it is WAF offloading. >> These patches are a first version, it has some limitations described >> in the README file

Re: ModSecurity: First integration patches

2017-04-12 Thread Aleksandar Lazic
On 11-04-2017 10:49, Thierry Fournier wrote: Hi list I join one usage of HAProxy / SPOE, it is WAF offloading. These patches are a first version, it has some limitations described in the README file in the directory contrib/modsecurity. - Christopher, please check the patch "BUG/MINOR",

Re: ModSecurity: First integration patches

2017-04-11 Thread Thierry Fournier
> On 11 Apr 2017, at 11:24, Olivier Doucet wrote: > > Hi Thierry, > > > > 2017-04-11 10:49 GMT+02:00 Thierry Fournier : > Hi list > > I join one usage of HAProxy / SPOE, it is WAF offloading. > > These patches are a first version, it has some

Re: ModSecurity: First integration patches

2017-04-11 Thread Olivier Doucet
Hi Thierry, 2017-04-11 10:49 GMT+02:00 Thierry Fournier : > Hi list > > I join one usage of HAProxy / SPOE, it is WAF offloading. > > These patches are a first version, it has some limitations described > in the README file in the directory contrib/modsecurity. > > -