Настройка Coraza WAF

2026-04-25 12:51:25 +03:00
parent 23ccc9aacc
commit d4178ee39f
2 changed files with 24 additions and 8 deletions


@@ -16,6 +16,9 @@ services:
- "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
- "--metrics.prometheus.addEntryPointsLabels=true" - "--metrics.prometheus.addEntryPointsLabels=true"
- "--metrics.prometheus.addServicesLabels=true" - "--metrics.prometheus.addServicesLabels=true"
# --- Coraza WAF ---
- "--experimental.plugins.coraza.modulename=github.com/jcchavezs/coraza-http-wasm-traefik"
- "--experimental.plugins.coraza.version=v0.2.0"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
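Review bot: The two `--experimental.plugins.coraza.*` flags put a third-party Wasm module into the request path of every router that uses the `waf` middleware, and the comment `# --- Coraza WAF ---` records neither how that dependency is obtained nor what it is coupled to. As far as I know Traefik downloads catalog plugins when the container starts, so startup would now depend on outbound network access and on the `v0.2.0` tag; please confirm this and state it in the comment. I would expand the comment to something like `# Coraza WAF plugin (Wasm), fetched at startup; the plugin name "coraza" must match the plugin: coraza: key of the waf middleware in the dynamic config; read upstream release notes before changing the version`. The list of flags starts outside the hunk.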


@@ -15,20 +15,32 @@ http:
scheme: https scheme: https
permanent: true permanent: true
waf:
plugin:
coraza:
directives:
# - "SecRuleEngine DetectionOnly"
- "SecRuleEngine On"
- "SecDebugLog /dev/stdout"
- "SecDebugLogLevel 2"
# - "SecRule REQUEST_URI \"@rx /admin\" \"id:101,phase:1,log,deny,status:403\""
- "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\""
routers: routers:
# === REST API пользователей === # --- REST API пользователей ---
api: api:
rule: "Host(`api.eventhub.local`)" rule: "Host(`api.eventhub.local`)"
entryPoints: ["web"] entryPoints: ["web"]
middlewares: ["redirect-to-https"] middlewares: ["redirect-to-https", "waf"]
service: "api" service: "api"
api-secure: api-secure:
rule: "Host(`api.eventhub.local`)" rule: "Host(`api.eventhub.local`)"
entryPoints: ["websecure"] entryPoints: ["websecure"]
tls: true tls: true
middlewares: ["waf"]
service: "api" service: "api"
# === WebSocket пользователей === # --- WebSocket пользователей ---
ws: ws:
rule: "Host(`ws.eventhub.local`)" rule: "Host(`ws.eventhub.local`)"
entryPoints: ["web"] entryPoints: ["web"]
@@ -40,19 +52,20 @@ http:
tls: true tls: true
service: "ws" service: "ws"
# === Админский REST === # --- Админский REST ---
admin-api: admin-api:
rule: "Host(`admin.eventhub.local`)" rule: "Host(`admin.eventhub.local`)"
entryPoints: ["web"] entryPoints: ["web"]
middlewares: ["redirect-to-https"] middlewares: ["redirect-to-https", "waf"]
service: "admin-api" service: "admin-api"
admin-api-secure: admin-api-secure:
rule: "Host(`admin.eventhub.local`)" rule: "Host(`admin.eventhub.local`)"
entryPoints: ["websecure"] entryPoints: ["websecure"]
tls: true tls: true
middlewares: ["waf"]
service: "admin-api" service: "admin-api"
# === Админский WebSocket === # --- Админский WebSocket ---
admin-ws: admin-ws:
rule: "Host(`admin-ws.eventhub.local`)" rule: "Host(`admin-ws.eventhub.local`)"
entryPoints: ["web"] entryPoints: ["web"]
@@ -85,7 +98,7 @@ http:
servers: servers:
- url: "http://fallback:80" - url: "http://fallback:80"
# === WebSocket пользователей (простой балансировщик) === # === WebSocket пользователей ===
ws: ws:
loadbalancer: loadbalancer:
servers: servers:
@@ -113,7 +126,7 @@ http:
servers: servers:
- url: "http://fallback:80" - url: "http://fallback:80"
# === Админский WebSocket (простой балансировщик) === # === Админский WebSocket ===
admin-ws: admin-ws:
loadbalancer: loadbalancer:
servers: servers:
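Review bot: Rule 102 in the new `waf` middleware (first hunk of this file) is unlikely to do what is intended: `@rx (union|select|insert|drop|alter)` is an unanchored, case-sensitive substring match with no transformations, so with `SecRuleEngine On` it returns 403 for ordinary values such as "selection" or "alternative" while giving little real SQL-injection coverage. No `SecRequestBodyAccess On` directive is visible either, so `ARGS` in phase 2 probably covers only the query string and not the REST request bodies; confirm this against the plugin's defaults. I would add `- "SecRequestBodyAccess On"` and replace the rule with `- "SecRule ARGS \"@detectSQLi\" \"id:102,phase:2,t:none,t:urlDecodeUni,log,deny,status:403\""` (or the OWASP CRS, if the pinned plugin version ships it), and run with the commented-out `SecRuleEngine DetectionOnly` until the logs show an acceptable false-positive rate. Separately, on the `web` routers `redirect-to-https` is listed before `waf`, so the redirect presumably answers first, and the `ws` / `admin-ws` routers get no `waf` at all as far as the visible lines show; a comment saying whether both are intentional would help.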