Commit graph

19 commits

Author SHA1 Message Date
Thibault "bui" Koechlin
63bd31b471
Fix REQUEST_URI behavior + fix #2891 (#2917)
* fix our behavior to comply more with modsec, REQUEST_URI should be: path+query string

* fix #2891 as well

* add new transforms

* add transform tests
2024-03-29 17:57:54 +01:00
Laurence Jones
e9b0f3c54e
wip: fix unix socket error (#2897) 2024-03-14 15:36:47 +00:00
blotus
742f5e8cda
[appsec] delete api key header before processing the request (#2890) 2024-03-14 14:00:39 +01:00
Thibault "bui" Koechlin
2a7e8383c8
fix #2889 (#2892)
* fix #2889
2024-03-13 17:20:06 +01:00
blotus
e8ff13bc17
appsec: get the original UA from headers (#2809) 2024-03-08 15:04:36 +01:00
blotus
332af5dd8d
appsec: split return code for bouncer and user (#2821) 2024-02-09 14:39:34 +01:00
mmetc
4b8e6cd780
appsec: avoid nil dereference (#2773) 2024-01-23 09:32:41 +01:00
blotus
84606eb207
Appsec hooks fixes (#2769) 2024-01-22 13:33:20 +01:00
Thibault "bui" Koechlin
685cda545b
fix the reload process for appsec (#2750) 2024-01-17 11:54:44 +01:00
AlteredCoder
a52f1b75ff
Don't close the body of the request (#2747) 2024-01-16 17:23:35 +01:00
mmetc
08794c5b6d
[appsec] waf tester (#2746) 2024-01-16 11:39:23 +01:00
AlteredCoder
a65223aa5b
Add original http request to hooks (#2740) 2024-01-16 10:33:44 +01:00
Thibault "bui" Koechlin
896dfefcdf
[appsec] implement count transformation (#2698)
* implement count transfo
2024-01-12 14:30:08 +01:00
Thibault "bui" Koechlin
adba4e2a2f
fix multizone multivar (#2727) 2024-01-12 10:11:13 +01:00
Thibault "bui" Koechlin
1c03fbe99e
minor waf fixes (#2693) 2024-01-03 17:19:48 +01:00
blotus
33e3fdabe4
Appsec additional fixes (#2676) 2023-12-21 11:51:04 +01:00
AlteredCoder
a941576acc
Improvement to run hubtest for appsec in docker (#2660) 2023-12-14 16:05:16 +01:00
Thibault "bui" Koechlin
51f70e47e3
Minor improvements to hubtest and appsec component (#2656) 2023-12-13 17:45:56 +01:00
Thibault "bui" Koechlin
8cca4346a5
Application Security Engine Support (#2273)
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)

The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)

---------

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-12-07 12:21:04 +01:00