beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1703 commits 83 branches 177 tags 151 MiB
Commit graph

19 commits

Author SHA1 Message Date
Thibault "bui" Koechlin 63bd31b471
Fix REQUEST_URI behavior + fix #2891 (#2917) 
* fix our behavior to comply more with modsec, REQUEST_URI should be: path+query string

* fix #2891 as well

* add new transforms

* add transform tests
 2024-03-29 17:57:54 +01:00
Laurence Jones e9b0f3c54e
wip: fix unix socket error (#2897) 2024-03-14 15:36:47 +00:00
blotus 742f5e8cda
[appsec] delete api key header before processing the request (#2890) 2024-03-14 14:00:39 +01:00
Thibault "bui" Koechlin 2a7e8383c8
fix #2889 (#2892) 
* fix #2889
 2024-03-13 17:20:06 +01:00
blotus e8ff13bc17
appsec: get the original UA from headers (#2809) 2024-03-08 15:04:36 +01:00
blotus 332af5dd8d
appsec: split return code for bouncer and user (#2821) 2024-02-09 14:39:34 +01:00
mmetc 4b8e6cd780
appsec: avoid nil dereference (#2773) 2024-01-23 09:32:41 +01:00
blotus 84606eb207
Appsec hooks fixes (#2769) 2024-01-22 13:33:20 +01:00
Thibault "bui" Koechlin 685cda545b
fix the reload process for appsec (#2750) 2024-01-17 11:54:44 +01:00
AlteredCoder a52f1b75ff
Don't close the body of the request (#2747) 2024-01-16 17:23:35 +01:00
mmetc 08794c5b6d
[appsec] waf tester (#2746) 2024-01-16 11:39:23 +01:00
AlteredCoder a65223aa5b
Add original http request to hooks (#2740) 2024-01-16 10:33:44 +01:00
Thibault "bui" Koechlin 896dfefcdf
[appsec] implement count transformation (#2698) 
* implement count transfo
 2024-01-12 14:30:08 +01:00
Thibault "bui" Koechlin adba4e2a2f
fix multizone multivar (#2727) 2024-01-12 10:11:13 +01:00
Thibault "bui" Koechlin 1c03fbe99e
minor waf fixes (#2693) 2024-01-03 17:19:48 +01:00
blotus 33e3fdabe4
Appsec additional fixes (#2676) 2023-12-21 11:51:04 +01:00
AlteredCoder a941576acc
Improvement to run hubtest for appsec in docker (#2660) 2023-12-14 16:05:16 +01:00
Thibault "bui" Koechlin 51f70e47e3
Minor improvements to hubtest and appsec component (#2656) 2023-12-13 17:45:56 +01:00
Thibault "bui" Koechlin 8cca4346a5
Application Security Engine Support (#2273) 
Add a new datasource that:
- Receives HTTP requests from remediation components
- Apply rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)

The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)

---------

Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
 2023-12-07 12:21:04 +01:00