waf

package
v1.17.21 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2025 License: Apache-2.0 Imports: 19 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	AuditLogging_AuditLogAction_name = map[int32]string{
		0: "NEVER",
		1: "RELEVANT_ONLY",
		2: "ALWAYS",
	}
	AuditLogging_AuditLogAction_value = map[string]int32{
		"NEVER":         0,
		"RELEVANT_ONLY": 1,
		"ALWAYS":        2,
	}
)

Enum value maps for AuditLogging_AuditLogAction.

View Source
var (
	AuditLogging_AuditLogLocation_name = map[int32]string{
		0: "FILTER_STATE",
		1: "DYNAMIC_METADATA",
	}
	AuditLogging_AuditLogLocation_value = map[string]int32{
		"FILTER_STATE":     0,
		"DYNAMIC_METADATA": 1,
	}
)

Enum value maps for AuditLogging_AuditLogLocation.

View Source
var File_github_com_solo_io_gloo_projects_gloo_api_external_envoy_extensions_waf_waf_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AuditLogging added in v1.3.26

type AuditLogging struct {
	Action   AuditLogging_AuditLogAction   `` /* 139-byte string literal not displayed */
	Location AuditLogging_AuditLogLocation `` /* 145-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*AuditLogging) Clone added in v1.8.24

func (m *AuditLogging) Clone() proto.Message

Clone function

func (*AuditLogging) Descriptor deprecated added in v1.3.26

func (*AuditLogging) Descriptor() ([]byte, []int)

Deprecated: Use AuditLogging.ProtoReflect.Descriptor instead.

func (*AuditLogging) Equal added in v1.3.26

func (m *AuditLogging) Equal(that interface{}) bool

Equal function

func (*AuditLogging) GetAction added in v1.3.26

func (*AuditLogging) GetLocation added in v1.3.26

func (*AuditLogging) Hash added in v1.6.0

func (m *AuditLogging) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*AuditLogging) ProtoMessage added in v1.3.26

func (*AuditLogging) ProtoMessage()

func (*AuditLogging) ProtoReflect added in v1.6.0

func (x *AuditLogging) ProtoReflect() protoreflect.Message

func (*AuditLogging) Reset added in v1.3.26

func (x *AuditLogging) Reset()

func (*AuditLogging) String added in v1.3.26

func (x *AuditLogging) String() string

type AuditLogging_AuditLogAction added in v1.3.26

type AuditLogging_AuditLogAction int32
const (
	// Never generate audit logs.
	AuditLogging_NEVER AuditLogging_AuditLogAction = 0
	// When set to RELEVANT_ONLY, this will have similar behavior to `SecAuditEngine RelevantOnly`.
	AuditLogging_RELEVANT_ONLY AuditLogging_AuditLogAction = 1
	// Always generate an audit log entry (as long as the filter is not disabled).
	AuditLogging_ALWAYS AuditLogging_AuditLogAction = 2
)

func (AuditLogging_AuditLogAction) Descriptor added in v1.6.0

func (AuditLogging_AuditLogAction) Enum added in v1.6.0

func (AuditLogging_AuditLogAction) EnumDescriptor deprecated added in v1.3.26

func (AuditLogging_AuditLogAction) EnumDescriptor() ([]byte, []int)

Deprecated: Use AuditLogging_AuditLogAction.Descriptor instead.

func (AuditLogging_AuditLogAction) Number added in v1.6.0

func (AuditLogging_AuditLogAction) String added in v1.3.26

func (AuditLogging_AuditLogAction) Type added in v1.6.0

type AuditLogging_AuditLogLocation added in v1.3.26

type AuditLogging_AuditLogLocation int32
const (
	// Add the audit log to the filter state.
	// it will be under the key "io.solo.modsecurity.audit_log".
	// You can use this formatter in the access log:
	// %FILTER_STATE(io.solo.modsecurity.audit_log)%
	AuditLogging_FILTER_STATE AuditLogging_AuditLogLocation = 0
	// Add the audit log to the dynamic metadata.
	// it will be under the filter name "io.solo.filters.http.modsecurity". with "audit_log" as the
	// key. You can use this formatter in the access log:
	// %DYNAMIC_METADATA("io.solo.filters.http.modsecurity:audit_log")%
	AuditLogging_DYNAMIC_METADATA AuditLogging_AuditLogLocation = 1
)

func (AuditLogging_AuditLogLocation) Descriptor added in v1.6.0

func (AuditLogging_AuditLogLocation) Enum added in v1.6.0

func (AuditLogging_AuditLogLocation) EnumDescriptor deprecated added in v1.3.26

func (AuditLogging_AuditLogLocation) EnumDescriptor() ([]byte, []int)

Deprecated: Use AuditLogging_AuditLogLocation.Descriptor instead.

func (AuditLogging_AuditLogLocation) Number added in v1.6.0

func (AuditLogging_AuditLogLocation) String added in v1.3.26

func (AuditLogging_AuditLogLocation) Type added in v1.6.0

type ModSecurity

type ModSecurity struct {

	// Disable all rules on the current route
	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// Global rule sets for the current http connection manager
	RuleSets []*RuleSet `protobuf:"bytes,2,rep,name=rule_sets,json=ruleSets,proto3" json:"rule_sets,omitempty"`
	// Custom message to display when an intervention occurs
	CustomInterventionMessage string `` /* 138-byte string literal not displayed */
	// This instructs the filter what to do with the transaction's audit log.
	AuditLogging *AuditLogging `protobuf:"bytes,5,opt,name=audit_logging,json=auditLogging,proto3" json:"audit_logging,omitempty"`
	// If set, the body will not be buffered and fed to ModSecurity. Only the headers will.
	// This can help improve performance.
	RequestHeadersOnly  bool `protobuf:"varint,6,opt,name=request_headers_only,json=requestHeadersOnly,proto3" json:"request_headers_only,omitempty"`
	ResponseHeadersOnly bool `protobuf:"varint,7,opt,name=response_headers_only,json=responseHeadersOnly,proto3" json:"response_headers_only,omitempty"`
	// log in a format suited for the OWASP regression tests.
	// this format is a multiline log format, so it is disabled for regular use.
	// do not enable this in production!
	RegressionLogs    bool                                 `protobuf:"varint,4,opt,name=regression_logs,json=regressionLogs,proto3" json:"regression_logs,omitempty"`
	DlpTransformation *transformation_ee.DlpTransformation `protobuf:"bytes,8,opt,name=dlp_transformation,json=dlpTransformation,proto3" json:"dlp_transformation,omitempty"`
	// contains filtered or unexported fields
}

func (*ModSecurity) Clone added in v1.8.24

func (m *ModSecurity) Clone() proto.Message

Clone function

func (*ModSecurity) Descriptor deprecated

func (*ModSecurity) Descriptor() ([]byte, []int)

Deprecated: Use ModSecurity.ProtoReflect.Descriptor instead.

func (*ModSecurity) Equal

func (m *ModSecurity) Equal(that interface{}) bool

Equal function

func (*ModSecurity) GetAuditLogging added in v1.3.26

func (x *ModSecurity) GetAuditLogging() *AuditLogging

func (*ModSecurity) GetCustomInterventionMessage added in v0.20.9

func (x *ModSecurity) GetCustomInterventionMessage() string

func (*ModSecurity) GetDisabled

func (x *ModSecurity) GetDisabled() bool

func (*ModSecurity) GetDlpTransformation added in v1.9.25

func (x *ModSecurity) GetDlpTransformation() *transformation_ee.DlpTransformation

func (*ModSecurity) GetRegressionLogs added in v1.3.26

func (x *ModSecurity) GetRegressionLogs() bool

func (*ModSecurity) GetRequestHeadersOnly added in v1.4.13

func (x *ModSecurity) GetRequestHeadersOnly() bool

func (*ModSecurity) GetResponseHeadersOnly added in v1.4.13

func (x *ModSecurity) GetResponseHeadersOnly() bool

func (*ModSecurity) GetRuleSets

func (x *ModSecurity) GetRuleSets() []*RuleSet

func (*ModSecurity) Hash added in v1.2.13

func (m *ModSecurity) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ModSecurity) ProtoMessage

func (*ModSecurity) ProtoMessage()

func (*ModSecurity) ProtoReflect added in v1.6.0

func (x *ModSecurity) ProtoReflect() protoreflect.Message

func (*ModSecurity) Reset

func (x *ModSecurity) Reset()

func (*ModSecurity) String

func (x *ModSecurity) String() string

type ModSecurityPerRoute

type ModSecurityPerRoute struct {

	// Disable all rules on the current route
	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// Overwrite the global rules on this route
	RuleSets []*RuleSet `protobuf:"bytes,2,rep,name=rule_sets,json=ruleSets,proto3" json:"rule_sets,omitempty"`
	// Custom message to display when an intervention occurs
	CustomInterventionMessage string `` /* 138-byte string literal not displayed */
	// This instructs the filter what to do with the transaction's audit log.
	AuditLogging *AuditLogging `protobuf:"bytes,5,opt,name=audit_logging,json=auditLogging,proto3" json:"audit_logging,omitempty"`
	// If set, the body will not be buffered and fed to ModSecurity. Only the headers will.
	// This can help improve performance.
	RequestHeadersOnly  bool                                 `protobuf:"varint,6,opt,name=request_headers_only,json=requestHeadersOnly,proto3" json:"request_headers_only,omitempty"`
	ResponseHeadersOnly bool                                 `protobuf:"varint,7,opt,name=response_headers_only,json=responseHeadersOnly,proto3" json:"response_headers_only,omitempty"`
	DlpTransformation   *transformation_ee.DlpTransformation `protobuf:"bytes,8,opt,name=dlp_transformation,json=dlpTransformation,proto3" json:"dlp_transformation,omitempty"`
	// contains filtered or unexported fields
}

func (*ModSecurityPerRoute) Clone added in v1.8.24

func (m *ModSecurityPerRoute) Clone() proto.Message

Clone function

func (*ModSecurityPerRoute) Descriptor deprecated

func (*ModSecurityPerRoute) Descriptor() ([]byte, []int)

Deprecated: Use ModSecurityPerRoute.ProtoReflect.Descriptor instead.

func (*ModSecurityPerRoute) Equal

func (m *ModSecurityPerRoute) Equal(that interface{}) bool

Equal function

func (*ModSecurityPerRoute) GetAuditLogging added in v1.3.26

func (x *ModSecurityPerRoute) GetAuditLogging() *AuditLogging

func (*ModSecurityPerRoute) GetCustomInterventionMessage added in v0.20.9

func (x *ModSecurityPerRoute) GetCustomInterventionMessage() string

func (*ModSecurityPerRoute) GetDisabled

func (x *ModSecurityPerRoute) GetDisabled() bool

func (*ModSecurityPerRoute) GetDlpTransformation added in v1.9.25

func (x *ModSecurityPerRoute) GetDlpTransformation() *transformation_ee.DlpTransformation

func (*ModSecurityPerRoute) GetRequestHeadersOnly added in v1.4.13

func (x *ModSecurityPerRoute) GetRequestHeadersOnly() bool

func (*ModSecurityPerRoute) GetResponseHeadersOnly added in v1.4.13

func (x *ModSecurityPerRoute) GetResponseHeadersOnly() bool

func (*ModSecurityPerRoute) GetRuleSets

func (x *ModSecurityPerRoute) GetRuleSets() []*RuleSet

func (*ModSecurityPerRoute) Hash added in v1.2.13

func (m *ModSecurityPerRoute) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*ModSecurityPerRoute) ProtoMessage

func (*ModSecurityPerRoute) ProtoMessage()

func (*ModSecurityPerRoute) ProtoReflect added in v1.6.0

func (x *ModSecurityPerRoute) ProtoReflect() protoreflect.Message

func (*ModSecurityPerRoute) Reset

func (x *ModSecurityPerRoute) Reset()

func (*ModSecurityPerRoute) String

func (x *ModSecurityPerRoute) String() string

type RuleSet

type RuleSet struct {

	// String of rules which are added directly
	RuleStr string `protobuf:"bytes,1,opt,name=rule_str,json=ruleStr,proto3" json:"rule_str,omitempty"`
	// Array of files with rules to include.
	// Any subsequent changes to the rules in these files are not automatically updated. To update rules from files, version and update the file name.
	// If you want dynamically updated rules, use the `configMapRuleSets` option instead.
	Files []string `protobuf:"bytes,3,rep,name=files,proto3" json:"files,omitempty"`
	// A directory to include. all *.conf files in this directory will be
	// included. sub directories will NOT be checked.
	Directory string `protobuf:"bytes,4,opt,name=directory,proto3" json:"directory,omitempty"`
	// contains filtered or unexported fields
}

func (*RuleSet) Clone added in v1.8.24

func (m *RuleSet) Clone() proto.Message

Clone function

func (*RuleSet) Descriptor deprecated

func (*RuleSet) Descriptor() ([]byte, []int)

Deprecated: Use RuleSet.ProtoReflect.Descriptor instead.

func (*RuleSet) Equal

func (m *RuleSet) Equal(that interface{}) bool

Equal function

func (*RuleSet) GetDirectory added in v1.3.26

func (x *RuleSet) GetDirectory() string

func (*RuleSet) GetFiles

func (x *RuleSet) GetFiles() []string

func (*RuleSet) GetRuleStr

func (x *RuleSet) GetRuleStr() string

func (*RuleSet) Hash added in v1.2.13

func (m *RuleSet) Hash(hasher hash.Hash64) (uint64, error)

Hash function

func (*RuleSet) ProtoMessage

func (*RuleSet) ProtoMessage()

func (*RuleSet) ProtoReflect added in v1.6.0

func (x *RuleSet) ProtoReflect() protoreflect.Message

func (*RuleSet) Reset

func (x *RuleSet) Reset()

func (*RuleSet) String

func (x *RuleSet) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL