waf

package
v1.18.0-beta26 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2024 License: Apache-2.0 Imports: 20 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	AuditLogging_AuditLogAction_name = map[int32]string{
		0: "NEVER",
		1: "RELEVANT_ONLY",
		2: "ALWAYS",
	}
	AuditLogging_AuditLogAction_value = map[string]int32{
		"NEVER":         0,
		"RELEVANT_ONLY": 1,
		"ALWAYS":        2,
	}
)

Enum value maps for AuditLogging_AuditLogAction.

View Source 
var (
	AuditLogging_AuditLogLocation_name = map[int32]string{
		0: "FILTER_STATE",
		1: "DYNAMIC_METADATA",
	}
	AuditLogging_AuditLogLocation_value = map[string]int32{
		"FILTER_STATE":     0,
		"DYNAMIC_METADATA": 1,
	}
)

Enum value maps for AuditLogging_AuditLogLocation.

View Source 
var File_github_com_solo_io_gloo_projects_gloo_api_external_envoy_extensions_waf_waf_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AuditLogging added in v1.3.26 

type AuditLogging struct {
	Action   AuditLogging_AuditLogAction   `` /* 139-byte string literal not displayed */
	Location AuditLogging_AuditLogLocation `` /* 145-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*AuditLogging) Clone added in v1.8.24 

func (m *AuditLogging) Clone() proto.Message

Clone function

func (*AuditLogging) Descriptor deprecated added in v1.3.26 

func (*AuditLogging) Descriptor() ([]byte, []int)

Deprecated: Use AuditLogging.ProtoReflect.Descriptor instead.

func (*AuditLogging) Equal added in v1.3.26 

func (m *AuditLogging) Equal(that interface{}) bool

Equal function

func (*AuditLogging) GetAction added in v1.3.26 

func (x *AuditLogging) GetAction() AuditLogging_AuditLogAction

func (*AuditLogging) GetLocation added in v1.3.26 

func (x *AuditLogging) GetLocation() AuditLogging_AuditLogLocation

func (*AuditLogging) Hash deprecated added in v1.6.0 

func (m *AuditLogging) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*AuditLogging) HashUnique 

func (m *AuditLogging) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*AuditLogging) ProtoMessage added in v1.3.26 

func (*AuditLogging) ProtoMessage()

func (*AuditLogging) ProtoReflect added in v1.6.0 

func (x *AuditLogging) ProtoReflect() protoreflect.Message

func (*AuditLogging) Reset added in v1.3.26 

func (x *AuditLogging) Reset()

func (*AuditLogging) String added in v1.3.26 

func (x *AuditLogging) String() string

type AuditLogging_AuditLogAction added in v1.3.26 

type AuditLogging_AuditLogAction int32
const (
	// Never generate audit logs.
	AuditLogging_NEVER AuditLogging_AuditLogAction = 0
	// When set to RELEVANT_ONLY, this will have similar behavior to `SecAuditEngine RelevantOnly`.
	AuditLogging_RELEVANT_ONLY AuditLogging_AuditLogAction = 1
	// Always generate an audit log entry (as long as the filter is not disabled).
	AuditLogging_ALWAYS AuditLogging_AuditLogAction = 2
)

func (AuditLogging_AuditLogAction) Descriptor added in v1.6.0 

func (AuditLogging_AuditLogAction) Descriptor() protoreflect.EnumDescriptor

func (AuditLogging_AuditLogAction) Enum added in v1.6.0 

func (x AuditLogging_AuditLogAction) Enum() *AuditLogging_AuditLogAction

func (AuditLogging_AuditLogAction) EnumDescriptor deprecated added in v1.3.26 

func (AuditLogging_AuditLogAction) EnumDescriptor() ([]byte, []int)

Deprecated: Use AuditLogging_AuditLogAction.Descriptor instead.

func (AuditLogging_AuditLogAction) Number added in v1.6.0 

func (x AuditLogging_AuditLogAction) Number() protoreflect.EnumNumber

func (AuditLogging_AuditLogAction) String added in v1.3.26 

func (x AuditLogging_AuditLogAction) String() string

func (AuditLogging_AuditLogAction) Type added in v1.6.0 

func (AuditLogging_AuditLogAction) Type() protoreflect.EnumType

type AuditLogging_AuditLogLocation added in v1.3.26 

type AuditLogging_AuditLogLocation int32
const (
	// Add the audit log to the filter state.
	// it will be under the key "io.solo.modsecurity.audit_log".
	// You can use this formatter in the access log:
	// %FILTER_STATE(io.solo.modsecurity.audit_log)%
	AuditLogging_FILTER_STATE AuditLogging_AuditLogLocation = 0
	// Add the audit log to the dynamic metadata.
	// it will be under the filter name "io.solo.filters.http.modsecurity". with "audit_log" as the
	// key. You can use this formatter in the access log:
	// %DYNAMIC_METADATA("io.solo.filters.http.modsecurity:audit_log")%
	AuditLogging_DYNAMIC_METADATA AuditLogging_AuditLogLocation = 1
)

func (AuditLogging_AuditLogLocation) Descriptor added in v1.6.0 

func (AuditLogging_AuditLogLocation) Descriptor() protoreflect.EnumDescriptor

func (AuditLogging_AuditLogLocation) Enum added in v1.6.0 

func (x AuditLogging_AuditLogLocation) Enum() *AuditLogging_AuditLogLocation

func (AuditLogging_AuditLogLocation) EnumDescriptor deprecated added in v1.3.26 

func (AuditLogging_AuditLogLocation) EnumDescriptor() ([]byte, []int)

Deprecated: Use AuditLogging_AuditLogLocation.Descriptor instead.

func (AuditLogging_AuditLogLocation) Number added in v1.6.0 

func (x AuditLogging_AuditLogLocation) Number() protoreflect.EnumNumber

func (AuditLogging_AuditLogLocation) String added in v1.3.26 

func (x AuditLogging_AuditLogLocation) String() string

func (AuditLogging_AuditLogLocation) Type added in v1.6.0 

func (AuditLogging_AuditLogLocation) Type() protoreflect.EnumType

type ModSecurity 

type ModSecurity struct {

	// Disable all rules on the current route
	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// Global rule sets for the current http connection manager
	RuleSets []*RuleSet `protobuf:"bytes,2,rep,name=rule_sets,json=ruleSets,proto3" json:"rule_sets,omitempty"`
	// Custom message to display when an intervention occurs
	CustomInterventionMessage string `` /* 138-byte string literal not displayed */
	// This instructs the filter what to do with the transaction's audit log.
	AuditLogging *AuditLogging `protobuf:"bytes,5,opt,name=audit_logging,json=auditLogging,proto3" json:"audit_logging,omitempty"`
	// If set, the body will not be buffered and fed to ModSecurity. Only the headers will.
	// This can help improve performance.
	RequestHeadersOnly  bool `protobuf:"varint,6,opt,name=request_headers_only,json=requestHeadersOnly,proto3" json:"request_headers_only,omitempty"`
	ResponseHeadersOnly bool `protobuf:"varint,7,opt,name=response_headers_only,json=responseHeadersOnly,proto3" json:"response_headers_only,omitempty"`
	// log in a format suited for the OWASP regression tests.
	// this format is a multiline log format, so it is disabled for regular use.
	// do not enable this in production!
	RegressionLogs    bool                                 `protobuf:"varint,4,opt,name=regression_logs,json=regressionLogs,proto3" json:"regression_logs,omitempty"`
	DlpTransformation *transformation_ee.DlpTransformation `protobuf:"bytes,8,opt,name=dlp_transformation,json=dlpTransformation,proto3" json:"dlp_transformation,omitempty"`
	// contains filtered or unexported fields
}

func (*ModSecurity) Clone added in v1.8.24 

func (m *ModSecurity) Clone() proto.Message

Clone function

func (*ModSecurity) Descriptor deprecated 

func (*ModSecurity) Descriptor() ([]byte, []int)

Deprecated: Use ModSecurity.ProtoReflect.Descriptor instead.

func (*ModSecurity) Equal 

func (m *ModSecurity) Equal(that interface{}) bool

Equal function

func (*ModSecurity) GetAuditLogging added in v1.3.26 

func (x *ModSecurity) GetAuditLogging() *AuditLogging

func (*ModSecurity) GetCustomInterventionMessage added in v0.20.9 

func (x *ModSecurity) GetCustomInterventionMessage() string

func (*ModSecurity) GetDisabled 

func (x *ModSecurity) GetDisabled() bool

func (*ModSecurity) GetDlpTransformation added in v1.9.25 

func (x *ModSecurity) GetDlpTransformation() *transformation_ee.DlpTransformation

func (*ModSecurity) GetRegressionLogs added in v1.3.26 

func (x *ModSecurity) GetRegressionLogs() bool

func (*ModSecurity) GetRequestHeadersOnly added in v1.4.13 

func (x *ModSecurity) GetRequestHeadersOnly() bool

func (*ModSecurity) GetResponseHeadersOnly added in v1.4.13 

func (x *ModSecurity) GetResponseHeadersOnly() bool

func (*ModSecurity) GetRuleSets 

func (x *ModSecurity) GetRuleSets() []*RuleSet

func (*ModSecurity) Hash deprecated added in v1.2.13 

func (m *ModSecurity) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*ModSecurity) HashUnique 

func (m *ModSecurity) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*ModSecurity) ProtoMessage 

func (*ModSecurity) ProtoMessage()

func (*ModSecurity) ProtoReflect added in v1.6.0 

func (x *ModSecurity) ProtoReflect() protoreflect.Message

func (*ModSecurity) Reset 

func (x *ModSecurity) Reset()

func (*ModSecurity) String 

func (x *ModSecurity) String() string

type ModSecurityPerRoute 

type ModSecurityPerRoute struct {

	// Disable all rules on the current route
	Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// Overwrite the global rules on this route
	RuleSets []*RuleSet `protobuf:"bytes,2,rep,name=rule_sets,json=ruleSets,proto3" json:"rule_sets,omitempty"`
	// Custom message to display when an intervention occurs
	CustomInterventionMessage string `` /* 138-byte string literal not displayed */
	// This instructs the filter what to do with the transaction's audit log.
	AuditLogging *AuditLogging `protobuf:"bytes,5,opt,name=audit_logging,json=auditLogging,proto3" json:"audit_logging,omitempty"`
	// If set, the body will not be buffered and fed to ModSecurity. Only the headers will.
	// This can help improve performance.
	RequestHeadersOnly  bool                                 `protobuf:"varint,6,opt,name=request_headers_only,json=requestHeadersOnly,proto3" json:"request_headers_only,omitempty"`
	ResponseHeadersOnly bool                                 `protobuf:"varint,7,opt,name=response_headers_only,json=responseHeadersOnly,proto3" json:"response_headers_only,omitempty"`
	DlpTransformation   *transformation_ee.DlpTransformation `protobuf:"bytes,8,opt,name=dlp_transformation,json=dlpTransformation,proto3" json:"dlp_transformation,omitempty"`
	// contains filtered or unexported fields
}

func (*ModSecurityPerRoute) Clone added in v1.8.24 

func (m *ModSecurityPerRoute) Clone() proto.Message

Clone function

func (*ModSecurityPerRoute) Descriptor deprecated 

func (*ModSecurityPerRoute) Descriptor() ([]byte, []int)

Deprecated: Use ModSecurityPerRoute.ProtoReflect.Descriptor instead.

func (*ModSecurityPerRoute) Equal 

func (m *ModSecurityPerRoute) Equal(that interface{}) bool

Equal function

func (*ModSecurityPerRoute) GetAuditLogging added in v1.3.26 

func (x *ModSecurityPerRoute) GetAuditLogging() *AuditLogging

func (*ModSecurityPerRoute) GetCustomInterventionMessage added in v0.20.9 

func (x *ModSecurityPerRoute) GetCustomInterventionMessage() string

func (*ModSecurityPerRoute) GetDisabled 

func (x *ModSecurityPerRoute) GetDisabled() bool

func (*ModSecurityPerRoute) GetDlpTransformation added in v1.9.25 

func (x *ModSecurityPerRoute) GetDlpTransformation() *transformation_ee.DlpTransformation

func (*ModSecurityPerRoute) GetRequestHeadersOnly added in v1.4.13 

func (x *ModSecurityPerRoute) GetRequestHeadersOnly() bool

func (*ModSecurityPerRoute) GetResponseHeadersOnly added in v1.4.13 

func (x *ModSecurityPerRoute) GetResponseHeadersOnly() bool

func (*ModSecurityPerRoute) GetRuleSets 

func (x *ModSecurityPerRoute) GetRuleSets() []*RuleSet

func (*ModSecurityPerRoute) Hash deprecated added in v1.2.13 

func (m *ModSecurityPerRoute) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*ModSecurityPerRoute) HashUnique 

func (m *ModSecurityPerRoute) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*ModSecurityPerRoute) ProtoMessage 

func (*ModSecurityPerRoute) ProtoMessage()

func (*ModSecurityPerRoute) ProtoReflect added in v1.6.0 

func (x *ModSecurityPerRoute) ProtoReflect() protoreflect.Message

func (*ModSecurityPerRoute) Reset 

func (x *ModSecurityPerRoute) Reset()

func (*ModSecurityPerRoute) String 

func (x *ModSecurityPerRoute) String() string

type RuleSet 

type RuleSet struct {

	// String of rules which are added directly
	RuleStr string `protobuf:"bytes,1,opt,name=rule_str,json=ruleStr,proto3" json:"rule_str,omitempty"`
	// Array of files with rules to include.
	// Any subsequent changes to the rules in these files are not automatically updated. To update rules from files, version and update the file name.
	// If you want dynamically updated rules, use the `configMapRuleSets` option instead.
	Files []string `protobuf:"bytes,3,rep,name=files,proto3" json:"files,omitempty"`
	// A directory to include. all *.conf files in this directory will be
	// included. sub directories will NOT be checked.
	Directory string `protobuf:"bytes,4,opt,name=directory,proto3" json:"directory,omitempty"`
	// contains filtered or unexported fields
}

func (*RuleSet) Clone added in v1.8.24 

func (m *RuleSet) Clone() proto.Message

Clone function

func (*RuleSet) Descriptor deprecated 

func (*RuleSet) Descriptor() ([]byte, []int)

Deprecated: Use RuleSet.ProtoReflect.Descriptor instead.

func (*RuleSet) Equal 

func (m *RuleSet) Equal(that interface{}) bool

Equal function

func (*RuleSet) GetDirectory added in v1.3.26 

func (x *RuleSet) GetDirectory() string

func (*RuleSet) GetFiles 

func (x *RuleSet) GetFiles() []string

func (*RuleSet) GetRuleStr 

func (x *RuleSet) GetRuleStr() string

func (*RuleSet) Hash deprecated added in v1.2.13 

func (m *RuleSet) Hash(hasher hash.Hash64) (uint64, error)

Hash function

Deprecated: due to hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions. Prefer the HashUnique function instead.

func (*RuleSet) HashUnique 

func (m *RuleSet) HashUnique(hasher hash.Hash64) (uint64, error)

HashUnique function generates a hash of the object that is unique to the object by hashing field name and value pairs. Replaces Hash due to original hashing implemention only using field values. The omission of the field name in the hash calculation can lead to hash collisions.

func (*RuleSet) ProtoMessage 

func (*RuleSet) ProtoMessage()

func (*RuleSet) ProtoReflect added in v1.6.0 

func (x *RuleSet) ProtoReflect() protoreflect.Message

func (*RuleSet) Reset 

func (x *RuleSet) Reset()

func (*RuleSet) String 

func (x *RuleSet) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.