Настройка Coraza WAF

2026-04-25 12:51:25 +03:00
parent 23ccc9aacc
commit d4178ee39f
2 changed files with 24 additions and 8 deletions


@@ -15,20 +15,32 @@ http:
scheme: https
permanent: true
waf:
plugin:
coraza:
directives:
# - "SecRuleEngine DetectionOnly"
- "SecRuleEngine On"
- "SecDebugLog /dev/stdout"
- "SecDebugLogLevel 2"
# - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
- "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""
routers:
# === REST API пользователей ===
# --- REST API пользователей ---
api:
rule: "Host(`api.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
middlewares: ["redirect-to-https", "waf"]
service: "api"
api-secure:
rule: "Host(`api.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["waf"]
service: "api"
# === WebSocket пользователей ===
# --- WebSocket пользователей ---
ws:
rule: "Host(`ws.eventhub.local`)"
entryPoints: ["web"]
@@ -40,19 +52,20 @@ http:
tls: true
service: "ws"
# === Админский REST ===
# --- Админский REST ---
admin-api:
rule: "Host(`admin.eventhub.local`)"
entryPoints: ["web"]
middlewares: ["redirect-to-https"]
middlewares: ["redirect-to-https", "waf"]
service: "admin-api"
admin-api-secure:
rule: "Host(`admin.eventhub.local`)"
entryPoints: ["websecure"]
tls: true
middlewares: ["waf"]
service: "admin-api"
# === Админский WebSocket ===
# --- Админский WebSocket ---
admin-ws:
rule: "Host(`admin-ws.eventhub.local`)"
entryPoints: ["web"]
@@ -85,7 +98,7 @@ http:
servers:
- url: "http://fallback:80"
# === WebSocket пользователей (простой балансировщик) ===
# === WebSocket пользователей ===
ws:
loadbalancer:
servers:
@@ -113,7 +126,7 @@ http:
servers:
- url: "http://fallback:80"
# === Админский WebSocket (простой балансировщик) ===
# === Админский WebSocket ===
admin-ws:
loadbalancer:
servers:
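Review bot: Rule id:102 in the new `waf` middleware matches its keywords case-sensitively and as bare substrings, so an upper- or mixed-case `UNION`/`SELECT` is not matched, while ordinary values such as `selection`, `dropdown` or `alternative` get a 403 on the `api` and `admin-api` routers. At minimum normalise case before matching, e.g. `- "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,t:none,t:lowercase,log,deny,status:403\""`, and add word boundaries to the pattern; inside this double-quoted YAML string they must be written `\\b`, because `\b` is read as a backspace escape. No directive in the list turns on request-body access, so if these REST endpoints accept JSON bodies, `ARGS` probably covers only the query string; this should be confirmed against the plugin's defaults. A hand-written keyword list is weak SQL injection coverage either way, so consider replacing it with the OWASP Core Rule Set. Consider also running first with the commented-out `SecRuleEngine DetectionOnly` to measure false positives before switching to `On`.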