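# Tag extraction for stat names that embed "_phase=<name>" or
# "_ruleid=<digits>".
# Envoy removes the text matched by the outer capture group from the stat
# name and uses the inner (second) capture group as the tag value; when a
# regex has only one group, that group supplies the value as well.
# See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/metrics/v3/stats.proto#config-metrics-v3-statsconfig.
stats_config:
  stats_tags:
    # "..._phase=<name>..." is reported with the tag phase=<name>.
    - tag_name: phase
      regex: "(_phase=([a-z_]+))"
    # "..._ruleid=<digits>..." is reported with the tag rule_id=<digits>.
    - tag_name: rule_id
      regex: "(_ruleid=([0-9]+))"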
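# One HTTP listener that runs the coraza Wasm filter in front of two
# upstream clusters (httpbin_server and flask_server).
static_resources:
  listeners:
    # Plain-HTTP listener on every interface. No transport_socket (TLS) is
    # configured on this filter chain, so client traffic is unencrypted.
    - address:
        socket_address:
          address: 0.0.0.0
          port_value: 8080
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                codec_type: auto
                route_config:
                  virtual_hosts:
                    - name: local_route
                      domains:
                        - "*"
                      # Envoy uses the first route that matches, so the
                      # exact-path routes come first and the catch-all
                      # prefix "/" stays last. The route names are what the
                      # "_match_route_" entries in the WAF config refer to.
                      routes:
                        - name: "route_1"
                          match:
                            path: "/headers"
                          route:
                            cluster: httpbin_server
                        - name: "route_2"
                          match:
                            path: "/user-agent"
                          route:
                            cluster: httpbin_server
                        - name: "route_flask"
                          match:
                            prefix: "/flask"
                          route:
                            cluster: flask_server
                        - name: "route_httpbin"
                          match:
                            prefix: "/"
                          route:
                            cluster: httpbin_server
                        # Disabled mock route. Placed after the catch-all
                        # above it would never match if re-enabled as is.
                        # - name: "route_mock"
                        #   match:
                        #     prefix: "/"
                        #   direct_response:
                        #     status: 200
                        #     body:
                        #       inline_string: "mock response\n"
                # Filters run in the order listed; the WAF must stay ahead
                # of the router, which has to be the last HTTP filter.
                http_filters:
                  - name: envoy.filters.http.wasm
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
                      config:
                        # fail_open is not set here.
                        # NOTE(review): Envoy's documented default is to fail
                        # closed when the Wasm VM faults, which is what a WAF
                        # wants - confirm for the Envoy version in use.
                        name: "coraza-filter"
                        root_id: ""
                        # Plugin configuration, handed to the module as a JSON
                        # string (JSON has no comments, so the notes are here).
                        # - The top-level "secRules" list is the default rule
                        #   set. Each "_rules_" entry carries its own
                        #   "secRules" for the routes in "_match_route_".
                        #   NOTE(review): presumably a matched entry replaces
                        #   the default set instead of extending it - confirm
                        #   against the plugin, since id 102 is used in both.
                        # - route_1 gets an unconditional SecAction deny in
                        #   phase 1; route_2 gets an unconditional pass.
                        # - Rule 101 compares the whole REQUEST_URI, which in
                        #   ModSecurity-style engines includes the query
                        #   string, so "@streq /admin" only covers that exact
                        #   URI. These rules are test fixtures, not an access
                        #   control for /admin.
                        # - "SecDebugLogLevel 3" turns on rule debug logging.
                        configuration:
                          "@type": "type.googleapis.com/google.protobuf.StringValue"
                          value: |
                            {
                              "useCRS": true,
                              "secRules": [
                                "SecDebugLogLevel 3",
                                "SecRuleEngine On",
                                "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\"",
                                "SecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\"",
                                "SecRule RESPONSE_HEADERS::status \"@rx 406\" \"id:103,phase:3,t:lowercase,deny\"",
                                "SecRule RESPONSE_HEADERS:test-header \"@streq hahaha\" \"id:104,phase:3,t:lowercase,deny\"",
                                "SecRule RESPONSE_BODY \"@rx attack\" \"id:105,phase:4,t:lowercase,deny\""
                              ],
                              "_rules_": [
                                {
                                  "_match_route_": [
                                    "route_1"
                                  ],
                                  "secRules": [
                                    "SecDebugLogLevel 3",
                                    "SecRuleEngine On",
                                    "SecAction \"id:102,phase:1,deny\""
                                  ]
                                },
                                {
                                  "_match_route_": [
                                    "route_2"
                                  ],
                                  "secRules": [
                                    "SecDebugLogLevel 3",
                                    "SecRuleEngine On",
                                    "SecAction \"id:102,phase:1,pass\""
                                  ]
                                }
                              ]
                            }
                        vm_config:
                          runtime: "envoy.wasm.runtime.v8"
                          vm_id: "10086"
                          # Relative path: the module that runs inside the
                          # filter is whatever file sits at build/main.wasm
                          # under Envoy's working directory at start-up.
                          code:
                            local:
                              filename: "build/main.wasm"
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

  clusters:
    # Upstreams are resolved by DNS name ("httpbin", "flask") and reached
    # over plain HTTP; no transport_socket is configured on either cluster.
    # NOTE(review): connect_timeout is 6000s (100 minutes) on both clusters,
    # so a connection attempt to an unresponsive upstream is held for a very
    # long time - confirm this is intended outside of local debugging.
    - name: httpbin_server
      connect_timeout: 6000s
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: httpbin_server
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: httpbin
                      port_value: 8080
    - name: flask_server
      connect_timeout: 6000s
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: flask_server
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: flask
                      port_value: 5000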
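# Envoy admin interface.
# The admin endpoint has no authentication and serves config dumps as well
# as state-changing handlers, so anyone who can reach the port can read
# the WAF rules and alter or stop the proxy. It is bound to 0.0.0.0 here,
# which is only reasonable on an isolated test network; anywhere else bind
# it to 127.0.0.1 or restrict access to port 8082 at the network layer.
admin:
  # Admin access log is discarded, so admin requests leave no record.
  access_log_path: "/dev/null"
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8082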