jiazhizhong/higress
1
0
Fork 0
mirror of https://github.com/alibaba/higress.git synced 2026-03-05 00:50:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
7e6168a644c0c9c625fbe29331d83e00a48da2fd
higress/plugins/wasm-go/extensions/waf/README_EN.md
澄潭 c7c4ae1da2 update plugins doc (#1305)
2024-09-12 21:48:40 +08:00

40 lines
1.6 KiB
Markdown
Raw Blame History

---
title: WAF
keywords: [higress,waf]
description: WAF plugin configuration reference
---
## Function Description
The waf plugin implements a ModSecurity-based rule protection engine, which can block suspicious requests based on user-defined rules, and supports OWASP CRS, providing basic protection features for the site.
## Running Attributes
Plugin execution phase: `authorization phase`
Plugin execution priority: `330`
## Configuration Fields
| Name | Data Type | Filling Requirements | Default Value | Description |
|----------|--------------------|----------------------|---------------|-----------------------------------------------------------------------------|
| useCRS | bool | Optional | false | Whether to enable OWASP CRS, for details refer to [coreruleset](https://github.com/coreruleset/coreruleset/tree/v3.3.2) |
| secRules | array of string | Optional | - | User-defined WAF protection rules, syntax rules can refer to [ModSecurity Chinese Manual](http://www.modsecurity.cn/chm/) |
## Configuration Example
```yaml
useCRS: true
secRules:
- "SecDebugLogLevel 3"
- "SecRuleEngine On"
- "SecAction \"id:100,phase:1,pass\""
- "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\""
- "SecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\""
```
Based on this configuration, the following requests will be prohibited from access:
```bash
curl http://example.com/admin
curl http://example.com -d "maliciouspayload"
```
Reference in New Issue View Git Blame Copy Permalink