up
This commit is contained in:
Sebastien Blot
parent
5ca2ee2f2e
commit
8999154f76
|
|
@ -364,7 +364,9 @@ func (w *WaapSource) waapHandler(rw http.ResponseWriter, r *http.Request) {
|
||||||
WafBlockCounter.With(prometheus.Labels{"source": parsedRequest.RemoteAddrNormalized, "waap_engine": parsedRequest.WaapEngine}).Inc()
|
WafBlockCounter.With(prometheus.Labels{"source": parsedRequest.RemoteAddrNormalized, "waap_engine": parsedRequest.WaapEngine}).Inc()
|
||||||
}
|
}
|
||||||
|
|
||||||
waapResponse := w.WaapRuntime.GenerateResponse(response.InBandInterrupt)
|
w.logger.Infof("Response: %+v", response)
|
||||||
|
|
||||||
|
waapResponse := w.WaapRuntime.GenerateResponse(response)
|
||||||
|
|
||||||
rw.WriteHeader(waapResponse.HTTPStatus)
|
rw.WriteHeader(waapResponse.HTTPStatus)
|
||||||
body, err := json.Marshal(BodyResponse{Action: waapResponse.Action})
|
body, err := json.Marshal(BodyResponse{Action: waapResponse.Action})
|
||||||
|
|
|
||||||
|
|
@ -213,6 +213,7 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
elapsed := time.Since(startParsing)
|
elapsed := time.Since(startParsing)
|
||||||
WafInbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddr}).Observe(elapsed.Seconds())
|
WafInbandParsingHistogram.With(prometheus.Labels{"source": request.RemoteAddr}).Observe(elapsed.Seconds())
|
||||||
|
|
||||||
|
|
@ -220,6 +221,9 @@ func (r *WaapRunner) Run(t *tomb.Tomb) error {
|
||||||
//@tko : this should move in the WaapRuntimeConfig as it knows what to do with the interruption and the expected remediation
|
//@tko : this should move in the WaapRuntimeConfig as it knows what to do with the interruption and the expected remediation
|
||||||
|
|
||||||
// send back the result to the HTTP handler for the InBand part
|
// send back the result to the HTTP handler for the InBand part
|
||||||
|
|
||||||
|
r.logger.Infof("Response: %+v", r.WaapRuntime.Response)
|
||||||
|
|
||||||
request.ResponseChannel <- r.WaapRuntime.Response
|
request.ResponseChannel <- r.WaapRuntime.Response
|
||||||
|
|
||||||
request.IsInBand = false
|
request.IsInBand = false
|
||||||
|
|
|
||||||
|
|
@ -468,21 +468,21 @@ type BodyResponse struct {
|
||||||
HTTPStatus int `json:"http_status"`
|
HTTPStatus int `json:"http_status"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WaapRuntimeConfig) GenerateResponse(interrupted bool) BodyResponse {
|
func (w *WaapRuntimeConfig) GenerateResponse(response WaapTempResponse) BodyResponse {
|
||||||
resp := BodyResponse{}
|
resp := BodyResponse{}
|
||||||
//if there is no interrupt, we should allow with default code
|
//if there is no interrupt, we should allow with default code
|
||||||
if !interrupted {
|
if !response.InBandInterrupt {
|
||||||
resp.Action = w.Config.DefaultPassAction
|
resp.Action = w.Config.DefaultPassAction
|
||||||
resp.HTTPStatus = w.Config.PassedHTTPCode
|
resp.HTTPStatus = w.Config.PassedHTTPCode
|
||||||
return resp
|
return resp
|
||||||
}
|
}
|
||||||
resp.Action = w.Response.Action
|
resp.Action = response.Action
|
||||||
if resp.Action == "" {
|
if resp.Action == "" {
|
||||||
resp.Action = w.Config.DefaultRemediation
|
resp.Action = w.Config.DefaultRemediation
|
||||||
}
|
}
|
||||||
w.Logger.Debugf("action is %s", resp.Action)
|
w.Logger.Debugf("action is %s", resp.Action)
|
||||||
|
|
||||||
resp.HTTPStatus = w.Response.HTTPResponseCode
|
resp.HTTPStatus = response.HTTPResponseCode
|
||||||
if resp.HTTPStatus == 0 {
|
if resp.HTTPStatus == 0 {
|
||||||
resp.HTTPStatus = w.Config.BlockedHTTPCode
|
resp.HTTPStatus = w.Config.BlockedHTTPCode
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue