Add support for Mod Security DetectionOnly Mode #443

rikatz · 2019-11-08T19:46:08Z

Signed-off-by: Ricardo Pchevuzinske Katz ricardo.katz@serpro.gov.br

This PR adds support for a DetectionOnly mode in Mod Security for each backend.

The idea here is when specifying the annotation 'waf-mode: "DetectionOnly"' it will send the requests to the ModSecurity filter to generate the appropriate logging, but no action will be taken.

To keep the compability with following versions, the behavior here is: if there's a waf annotation and no waf-mode annotation, it will block bad requests.

To enable DetectionOnly mode user must create the waf-mode annotation with DetectionOnly as its value

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

jcmoraisjr

Hi, welcome back and thanks for this PR!

Some suggestions below.

pkg/converters/ingress/annotations/backend.go

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

jcmoraisjr · 2019-11-11T21:16:09Z

Thanks! Merging.

Add support for Mod Security DetectOnly Mode

1d5000c

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

jcmoraisjr reviewed Nov 10, 2019

View reviewed changes

pkg/converters/ingress/annotations/backend.go Outdated Show resolved Hide resolved

Add support for Mod Security Detection Only

d3a0bfa

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>

jcmoraisjr merged commit 40e2a51 into jcmoraisjr:master Nov 11, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for Mod Security DetectionOnly Mode #443

Add support for Mod Security DetectionOnly Mode #443

rikatz commented Nov 8, 2019

jcmoraisjr left a comment

jcmoraisjr commented Nov 11, 2019

Add support for Mod Security DetectionOnly Mode #443

Add support for Mod Security DetectionOnly Mode #443

Conversation

rikatz commented Nov 8, 2019

jcmoraisjr left a comment

Choose a reason for hiding this comment

jcmoraisjr commented Nov 11, 2019