wip
This commit is contained in:
Sebastien Blot
parent
1973aa1a56
commit
d335e74c81
1 changed files with 72 additions and 0 deletions
|
|
@ -3,6 +3,8 @@ package wafacquisition
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/corazawaf/coraza/v3"
|
||||
|
|
@ -179,5 +181,75 @@ func (w *WafSource) wafHandler(rw http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
defer func() {
|
||||
tx.ProcessLogging()
|
||||
tx.Close()
|
||||
}()
|
||||
|
||||
tx.ProcessConnection(r.RemoteAddr, 0, "", 0)
|
||||
|
||||
tx.ProcessURI(r.URL.String(), r.Method, r.Proto) //FIXME: get it from the headers
|
||||
|
||||
for k, vr := range r.Header {
|
||||
for _, v := range vr {
|
||||
tx.AddRequestHeader(k, v)
|
||||
}
|
||||
}
|
||||
|
||||
if r.Host != "" {
|
||||
tx.AddRequestHeader("Host", r.Host)
|
||||
// This connector relies on the host header (now host field) to populate ServerName
|
||||
tx.SetServerName(r.Host)
|
||||
}
|
||||
|
||||
if r.TransferEncoding != nil {
|
||||
tx.AddRequestHeader("Transfer-Encoding", r.TransferEncoding[0])
|
||||
}
|
||||
|
||||
in := tx.ProcessRequestHeaders()
|
||||
if in != nil {
|
||||
w.logger.Warnf("WAF blocked request: %+v", in)
|
||||
rw.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
in = tx.ProcessRequestHeaders()
|
||||
|
||||
if in != nil {
|
||||
w.logger.Warnf("WAF blocked request: %+v", in)
|
||||
rw.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
|
||||
if tx.IsRequestBodyAccessible() {
|
||||
if r.Body != nil && r.Body != http.NoBody {
|
||||
_, _, err := tx.ReadRequestBodyFrom(r.Body)
|
||||
if err != nil {
|
||||
w.logger.Errorf("Cannot read request body: %s", err)
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
bodyReader, err := tx.RequestBodyReader()
|
||||
if err != nil {
|
||||
w.logger.Errorf("Cannot read request body: %s", err)
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
body := io.MultiReader(bodyReader, r.Body)
|
||||
r.Body = ioutil.NopCloser(body)
|
||||
in, err = tx.ProcessRequestBody()
|
||||
if err != nil {
|
||||
w.logger.Errorf("Cannot process request body: %s", err)
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if in != nil {
|
||||
w.logger.Warnf("WAF blocked request: %+v", in)
|
||||
rw.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
rw.WriteHeader(http.StatusOK)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue