beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

up

Browse source
This commit is contained in:
Sebastien Blot 2023-11-28 11:02:29 +01:00
parent 5ca2ee2f2e
commit 8999154f76
No known key found for this signature in database
GPG key ID: DFC2902F40449F6A
3 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/acquisition/modules/waap/waap.go
View file

@ -364,7 +364,9 @@ func (w *WaapSource) waapHandler(rw http.ResponseWriter, r *http.Request) {
WafBlockCounter.With(prometheus.Labels{"source": parsedRequest.RemoteAddrNormalized, "waap_engine": parsedRequest.WaapEngine}).Inc()
}
waapResponse := w.WaapRuntime.GenerateResponse(response.InBandInterrupt)
w.logger.Infof("Response: %+v", response)
waapResponse := w.WaapRuntime.GenerateResponse(response)
rw.WriteHeader(waapResponse.HTTPStatus)
body, err := json.Marshal(BodyResponse{Action: waapResponse.Action})

4
pkg/acquisition/modules/waap/waap_runner.go
View file

@ -213,6 +213,7 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
continue
}
}
elapsed := time.Since(startParsing)
WafInbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddr}).Observe(elapsed.Seconds())
@ -220,6 +221,9 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
//@tko : this should move in the WaapRuntimeConfig as it knows what to do with the interruption and the expected remediation
// send back the result to the HTTP handler for the InBand part
r.logger.Infof("Response: %+v", r.WaapRuntime.Response)
request.ResponseChannel <- r.WaapRuntime.Response
request.IsInBand = false

8
pkg/waf/waap.go
View file

@ -468,21 +468,21 @@ type BodyResponse struct {
HTTPStatus int `json:"http_status"`
}
func (w *WaapRuntimeConfig) GenerateResponse(interrupted bool) BodyResponse {
func (w *WaapRuntimeConfig) GenerateResponse(response WaapTempResponse) BodyResponse {
resp := BodyResponse{}
//if there is no interrupt, we should allow with default code
if !interrupted {
if !response.InBandInterrupt {
resp.Action = w.Config.DefaultPassAction
resp.HTTPStatus = w.Config.PassedHTTPCode
return resp
}
resp.Action = w.Response.Action
resp.Action = response.Action
if resp.Action == "" {
resp.Action = w.Config.DefaultRemediation
}
w.Logger.Debugf("action is %s", resp.Action)
resp.HTTPStatus = w.Response.HTTPResponseCode
resp.HTTPStatus = response.HTTPResponseCode
if resp.HTTPStatus == 0 {
resp.HTTPStatus = w.Config.BlockedHTTPCode
}