Documentation ¶
Index ¶
- type BodyBuffer
- type ErrorLogCallback
- type Rule
- func (r *Rule) AddAction(name string, action rules.Action) error
- func (r *Rule) AddTransformation(name string, t rules.Transformation) error
- func (r *Rule) AddVariable(v variables.RuleVariable, key string, iscount bool) error
- func (r *Rule) AddVariableNegation(v variables.RuleVariable, key string) error
- func (r *Rule) ClearTransformations()
- func (r *Rule) Evaluate(tx rules.TransactionState) []types.MatchData
- func (r *Rule) ParentID() int
- func (r *Rule) SetOperator(operator rules.Operator, functionName string, params string)
- func (r *Rule) Status() int
- type RuleGroup
- func (rg *RuleGroup) Add(rule *Rule) error
- func (rg *RuleGroup) Clear()
- func (rg *RuleGroup) Count() int
- func (rg *RuleGroup) DeleteByID(id int)
- func (rg *RuleGroup) Eval(phase types.RulePhase, tx *Transaction) bool
- func (rg *RuleGroup) FindByID(id int) *Rule
- func (rg *RuleGroup) FindByMsg(msg string) []*Rule
- func (rg *RuleGroup) FindByTag(tag string) []*Rule
- func (rg *RuleGroup) GetRules() []*Rule
- type Transaction
- func (tx *Transaction) AddArgument(orig string, key string, value string)
- func (tx *Transaction) AddRequestHeader(key string, value string)
- func (tx *Transaction) AddResponseHeader(key string, value string)
- func (tx *Transaction) AuditLog() *loggers.AuditLog
- func (tx *Transaction) CaptureField(index int, value string)
- func (tx *Transaction) Capturing() bool
- func (tx *Transaction) Close() error
- func (tx *Transaction) Collection(idx variables.RuleVariable) collection.Collection
- func (tx *Transaction) ContentInjection() bool
- func (tx *Transaction) Debug() string
- func (tx *Transaction) DebugLogger() loggers.DebugLogger
- func (tx *Transaction) ExtractArguments(orig string, uri string)
- func (tx *Transaction) GetField(rv ruleVariableParams) []types.MatchData
- func (tx *Transaction) GetStopWatch() string
- func (tx *Transaction) ID() string
- func (tx *Transaction) Interrupt(interruption *types.Interruption)
- func (tx *Transaction) Interrupted() bool
- func (tx *Transaction) Interruption() *types.Interruption
- func (tx *Transaction) IsProcessableResponseBody() bool
- func (tx *Transaction) MatchRule(r *Rule, mds []types.MatchData)
- func (tx *Transaction) MatchedRules() []types.MatchedRule
- func (tx *Transaction) ParseRequestReader(data io.Reader) (*types.Interruption, error)
- func (tx *Transaction) ProcessConnection(client string, cPort int, server string, sPort int)
- func (tx *Transaction) ProcessLogging()
- func (tx *Transaction) ProcessRequestBody() (*types.Interruption, error)
- func (tx *Transaction) ProcessRequestHeaders() *types.Interruption
- func (tx *Transaction) ProcessResponseBody() (*types.Interruption, error)
- func (tx *Transaction) ProcessResponseHeaders(code int, proto string) *types.Interruption
- func (tx *Transaction) ProcessURI(uri string, method string, httpVersion string)
- func (tx *Transaction) RemoveRuleByID(id int)
- func (tx *Transaction) RemoveRuleTargetByID(id int, variable variables.RuleVariable, key string)
- func (tx *Transaction) RequestBodyReader() (io.Reader, error)
- func (tx *Transaction) RequestBodyWriter() io.Writer
- func (tx *Transaction) ResponseBodyReader() (io.Reader, error)
- func (tx *Transaction) ResponseBodyWriter() io.Writer
- func (tx *Transaction) String() string
- func (tx *Transaction) Variables() rules.TransactionVariables
- type TransactionVariables
- func (v *TransactionVariables) Args() *collection.Proxy
- func (v *TransactionVariables) ArgsCombinedSize() *collection.SizeProxy
- func (v *TransactionVariables) ArgsGet() *collection.Map
- func (v *TransactionVariables) ArgsGetNames() *collection.TranslationProxy
- func (v *TransactionVariables) ArgsNames() *collection.TranslationProxy
- func (v *TransactionVariables) ArgsPath() *collection.Map
- func (v *TransactionVariables) ArgsPost() *collection.Map
- func (v *TransactionVariables) ArgsPostNames() *collection.TranslationProxy
- func (v *TransactionVariables) AuthType() *collection.Simple
- func (v *TransactionVariables) Duration() *collection.Simple
- func (v *TransactionVariables) Env() *collection.Map
- func (v *TransactionVariables) Files() *collection.Map
- func (v *TransactionVariables) FilesCombinedSize() *collection.Simple
- func (v *TransactionVariables) FilesNames() *collection.Map
- func (v *TransactionVariables) FilesSizes() *collection.Map
- func (v *TransactionVariables) FilesTmpContent() *collection.Map
- func (v *TransactionVariables) FilesTmpNames() *collection.Map
- func (v *TransactionVariables) FullRequest() *collection.Simple
- func (v *TransactionVariables) FullRequestLength() *collection.Simple
- func (v *TransactionVariables) Geo() *collection.Map
- func (v *TransactionVariables) HighestSeverity() *collection.Simple
- func (v *TransactionVariables) IP() *collection.Map
- func (v *TransactionVariables) InboundDataError() *collection.Simple
- func (v *TransactionVariables) InboundErrorData() *collection.Simple
- func (v *TransactionVariables) MatchedVar() *collection.Simple
- func (v *TransactionVariables) MatchedVarName() *collection.Simple
- func (v *TransactionVariables) MatchedVars() *collection.Map
- func (v *TransactionVariables) MatchedVarsNames() *collection.Map
- func (v *TransactionVariables) MultipartBoundaryQuoted() *collection.Simple
- func (v *TransactionVariables) MultipartBoundaryWhitespace() *collection.Simple
- func (v *TransactionVariables) MultipartCrlfLfLines() *collection.Simple
- func (v *TransactionVariables) MultipartDataAfter() *collection.Simple
- func (v *TransactionVariables) MultipartDataBefore() *collection.Simple
- func (v *TransactionVariables) MultipartFileLimitExceeded() *collection.Simple
- func (v *TransactionVariables) MultipartFilename() *collection.Map
- func (v *TransactionVariables) MultipartHeaderFolding() *collection.Simple
- func (v *TransactionVariables) MultipartInvalidHeaderFolding() *collection.Simple
- func (v *TransactionVariables) MultipartInvalidPart() *collection.Simple
- func (v *TransactionVariables) MultipartInvalidQuoting() *collection.Simple
- func (v *TransactionVariables) MultipartLfLine() *collection.Simple
- func (v *TransactionVariables) MultipartMissingSemicolon() *collection.Simple
- func (v *TransactionVariables) MultipartName() *collection.Map
- func (v *TransactionVariables) MultipartPartHeaders() *collection.Map
- func (v *TransactionVariables) MultipartStrictError() *collection.Simple
- func (v *TransactionVariables) MultipartUnmatchedBoundary() *collection.Simple
- func (v *TransactionVariables) OutboundDataError() *collection.Simple
- func (v *TransactionVariables) PathInfo() *collection.Simple
- func (v *TransactionVariables) QueryString() *collection.Simple
- func (v *TransactionVariables) RemoteAddr() *collection.Simple
- func (v *TransactionVariables) RemoteHost() *collection.Simple
- func (v *TransactionVariables) RemotePort() *collection.Simple
- func (v *TransactionVariables) RequestBasename() *collection.Simple
- func (v *TransactionVariables) RequestBody() *collection.Simple
- func (v *TransactionVariables) RequestBodyError() *collection.Simple
- func (v *TransactionVariables) RequestBodyErrorMsg() *collection.Simple
- func (v *TransactionVariables) RequestBodyLength() *collection.Simple
- func (v *TransactionVariables) RequestBodyProcessor() *collection.Simple
- func (v *TransactionVariables) RequestBodyProcessorError() *collection.Simple
- func (v *TransactionVariables) RequestBodyProcessorErrorMsg() *collection.Simple
- func (v *TransactionVariables) RequestCookies() *collection.Map
- func (v *TransactionVariables) RequestCookiesNames() *collection.Map
- func (v *TransactionVariables) RequestFilename() *collection.Simple
- func (v *TransactionVariables) RequestHeaders() *collection.Map
- func (v *TransactionVariables) RequestHeadersNames() *collection.Map
- func (v *TransactionVariables) RequestLine() *collection.Simple
- func (v *TransactionVariables) RequestMethod() *collection.Simple
- func (v *TransactionVariables) RequestProtocol() *collection.Simple
- func (v *TransactionVariables) RequestURI() *collection.Simple
- func (v *TransactionVariables) RequestURIRaw() *collection.Simple
- func (v *TransactionVariables) RequestXML() *collection.Map
- func (v *TransactionVariables) ResponseBody() *collection.Simple
- func (v *TransactionVariables) ResponseContentLength() *collection.Simple
- func (v *TransactionVariables) ResponseContentType() *collection.Simple
- func (v *TransactionVariables) ResponseHeaders() *collection.Map
- func (v *TransactionVariables) ResponseHeadersNames() *collection.Map
- func (v *TransactionVariables) ResponseProtocol() *collection.Simple
- func (v *TransactionVariables) ResponseStatus() *collection.Simple
- func (v *TransactionVariables) ResponseXML() *collection.Map
- func (v *TransactionVariables) Rule() *collection.Map
- func (v *TransactionVariables) ServerAddr() *collection.Simple
- func (v *TransactionVariables) ServerName() *collection.Simple
- func (v *TransactionVariables) ServerPort() *collection.Simple
- func (v *TransactionVariables) SessionID() *collection.Simple
- func (v *TransactionVariables) StatusLine() *collection.Simple
- func (v *TransactionVariables) TX() *collection.Map
- func (v *TransactionVariables) UniqueID() *collection.Simple
- func (v *TransactionVariables) UrlencodedError() *collection.Simple
- func (v *TransactionVariables) UserID() *collection.Simple
- func (v *TransactionVariables) XML() *collection.Map
- type WAF
Types ¶
type BodyBuffer ¶
BodyBuffer is used to read RequestBody and ResponseBody objects. It handles memory usage for buffering and processing. It supports io.Copy(bodyBuffer, someReader) by inheriting io.Writer.
func NewBodyBuffer ¶
func NewBodyBuffer(options types.BodyBufferOptions) *BodyBuffer
NewBodyBuffer initializes a body reader. After memLimit bytes have been written to the memory buffer, further data is written to a temporary file. Temporary files are written to tmpDir.
func (*BodyBuffer) Reader ¶
func (br *BodyBuffer) Reader() (io.Reader, error)
Reader Returns a working reader for the body buffer in memory or file
func (*BodyBuffer) Reset ¶
func (br *BodyBuffer) Reset() error
Reset will reset buffers and delete temporary files
func (*BodyBuffer) Size ¶
func (br *BodyBuffer) Size() int64
Size returns the current size of the body buffer
type ErrorLogCallback ¶
type ErrorLogCallback = func(rule types.MatchedRule)
ErrorLogCallback is used to set a callback function to log errors. It is triggered when an error is raised by the WAF. It contains the severity, so the callback can decide whether to log it or not.
type Rule ¶
// Rule is used to test a Transaction against certain operators and execute actions.
type Rule struct {
	corazarules.RuleMetadata
	// ParentID_ contains the ID of the parent rule if this rule is inside
	// a chain. Otherwise, it is 0.
	ParentID_ int
	// Capture is used by the transaction to tell the operator
	// to capture variables on TX:0-9.
	Capture bool
	// Chain contains the child rule to chain; nil if there are no chains.
	Chain *Rule
	// DisruptiveStatus is the status that will be set on interruptions
	// by disruptive rules.
	DisruptiveStatus int
	// Msg is the message text to be macro expanded and logged.
	// In future versions we might use a special type of string that
	// supports cached macro expansions, for performance.
	Msg macro.Macro
	// LogData is the rule logdata.
	LogData macro.Macro
	// Log: if true, triggering this rule writes to the error log.
	Log bool
	// Audit: if true, triggering this rule writes to the audit log.
	Audit bool
	// MultiMatch: if true, the transformations will be multi matched.
	MultiMatch bool
	// Disruptive is used for error logging.
	Disruptive bool
	// NOTE(review): HasChain is undocumented here; presumably true when
	// Chain is non-nil. Confirm against the rule compiler.
	HasChain bool
	// contains filtered or unexported fields
}
Rule is used to test a Transaction against certain operators and execute actions
func (*Rule) AddTransformation ¶
func (r *Rule) AddTransformation(name string, t rules.Transformation) error
AddTransformation adds a transformation to the rule. It fails if the transformation cannot be found.
func (*Rule) AddVariable ¶
AddVariable adds a variable to the rule. The key can be a regexp.Regexp, a string or nil: a regexp is used to match the variable, a string is a fixed match, and nil matches everything.
func (*Rule) AddVariableNegation ¶
func (r *Rule) AddVariableNegation(v variables.RuleVariable, key string) error
AddVariableNegation adds an exception to a variable. It passes through if the variable is not used. It returns an error if the selector is empty, or if it is applied on an undefined rule. For example: OK: SecRule ARGS|!ARGS:id "..." OK: SecRule !ARGS:id "..." ERROR: SecRule !ARGS: "..."
func (*Rule) ClearTransformations ¶
func (r *Rule) ClearTransformations()
ClearTransformations clears all the transformations it is mostly used by the "none" transformation
func (*Rule) Evaluate ¶
func (r *Rule) Evaluate(tx rules.TransactionState) []types.MatchData
Evaluate evaluates the current rule for the indicated transaction. If the operator matches, the actions are evaluated and it returns the matched variables, keys and values (MatchData).
func (*Rule) SetOperator ¶
SetOperator sets the operator of the rule. There can be only one operator per rule. functionName and params are used for logging.
type RuleGroup ¶
type RuleGroup struct {
// contains filtered or unexported fields
}
RuleGroup is a collection of rules. It contains all helpers required to manage the rules. It is not safe for concurrent use, so it is not recommended to use it after compilation.
func NewRuleGroup ¶
func NewRuleGroup() RuleGroup
NewRuleGroup creates an empty RuleGroup that can be attached to a WAF instance You might use this function to replace the rules and "reload" the WAF
func (*RuleGroup) DeleteByID ¶
DeleteByID removes a rule by its ID
func (*RuleGroup) Eval ¶
func (rg *RuleGroup) Eval(phase types.RulePhase, tx *Transaction) bool
Eval evaluates the rules for the specified phase, between 1 and 5. It returns true if the transaction is disrupted.
type Transaction ¶
// Transaction is created from a WAF instance to handle web requests and
// responses. It holds a copy of most WAF configurations, which can be safely
// changed per transaction. A Transaction itself is not thread safe.
type Transaction struct {
	// Logdata is used to store log messages.
	Logdata string
	// SkipAfter: rules will be skipped after a rule with this SecMarker is found.
	SkipAfter string
	// The following fields are copies from the WAF instance that may be
	// overwritten by the ctl action. Because ctl can change them per
	// transaction, they may differ from the WAF-level settings.
	AuditEngine              types.AuditEngineStatus
	AuditLogParts            types.AuditLogParts
	ForceRequestBodyVariable bool
	RequestBodyAccess        bool
	RequestBodyLimit         int64
	ResponseBodyAccess       bool
	ResponseBodyLimit        int64
	RuleEngine               types.RuleEngineStatus
	HashEngine               bool
	HashEnforcement          bool
	// LastPhase stores the last phase that was evaluated.
	// It is used by allow to skip phases.
	LastPhase types.RulePhase
	// RequestBodyBuffer handles request body buffers.
	RequestBodyBuffer *BodyBuffer
	// ResponseBodyBuffer handles response body buffers.
	ResponseBodyBuffer *BodyBuffer
	// Skip is the number of rules to skip; the value is decreased on each skip.
	Skip int
	// Capture: actions with capture features will read the capture state
	// from this field. This feature is currently removed, as Capture will
	// always run. It must be reused in the future.
	Capture bool
	// WAF contains the WAF instance for the current transaction.
	WAF *WAF
	// Timestamp is the timestamp of the request.
	// NOTE(review): the unit (seconds vs. nanoseconds) is not stated here; confirm.
	Timestamp int64
	// contains filtered or unexported fields
}
Transaction is created from a WAF instance to handle web requests and responses. It contains a copy of most WAF configurations, which can be safely changed. Transactions are used to store all data such as URLs and request and response headers. Transactions are used to evaluate rules by phase and generate disruptive actions. Disruptive actions can be read from *tx.Interruption. It is safe to manage multiple transactions, but transactions themselves are not thread safe.
func (*Transaction) AddArgument ¶
func (tx *Transaction) AddArgument(orig string, key string, value string)
AddArgument adds GET or POST arguments. This will set ARGS_(GET|POST), ARGS, ARGS_NAMES, ARGS_COMBINED_SIZE and ARGS_(GET|POST)_NAMES.
func (*Transaction) AddRequestHeader ¶
func (tx *Transaction) AddRequestHeader(key string, value string)
AddRequestHeader Adds a request header
With this method it is possible to feed Coraza with a request header. Note: Golang's *http.Request object will not contain a "Host" header, and you might have to force it
func (*Transaction) AddResponseHeader ¶
func (tx *Transaction) AddResponseHeader(key string, value string)
AddResponseHeader Adds a response header variable
With this method it is possible to feed Coraza with a response header.
func (*Transaction) AuditLog ¶
func (tx *Transaction) AuditLog() *loggers.AuditLog
AuditLog returns an AuditLog struct, used to write audit logs
func (*Transaction) CaptureField ¶
func (tx *Transaction) CaptureField(index int, value string)
CaptureField is used to set the TX:[index] variables by operators that support capture, like @rx
func (*Transaction) Capturing ¶
func (tx *Transaction) Capturing() bool
func (*Transaction) Close ¶
func (tx *Transaction) Close() error
Close closes the transaction after phase 5. This method helps the GC to clean up the transaction faster and release resources. It also allows the transaction to be cached back into the sync.Pool.
func (*Transaction) Collection ¶
func (tx *Transaction) Collection(idx variables.RuleVariable) collection.Collection
func (*Transaction) ContentInjection ¶
func (tx *Transaction) ContentInjection() bool
func (*Transaction) Debug ¶
func (tx *Transaction) Debug() string
Debug will return a string with the transaction debug information
func (*Transaction) DebugLogger ¶
func (tx *Transaction) DebugLogger() loggers.DebugLogger
func (*Transaction) ExtractArguments ¶
func (tx *Transaction) ExtractArguments(orig string, uri string)
ExtractArguments transforms a URL-encoded string into a map and creates ARGS_POST|GET
func (*Transaction) GetField ¶
func (tx *Transaction) GetField(rv ruleVariableParams) []types.MatchData
GetField retrieves data from collections, applying exceptions. In future releases we may remove the exceptions slice and make it easier to use.
func (*Transaction) GetStopWatch ¶
func (tx *Transaction) GetStopWatch() string
GetStopWatch is used to debug phase durations. Normally it would be named StopWatch(), but that would be confusing.
func (*Transaction) ID ¶
func (tx *Transaction) ID() string
func (*Transaction) Interrupt ¶
func (tx *Transaction) Interrupt(interruption *types.Interruption)
func (*Transaction) Interrupted ¶
func (tx *Transaction) Interrupted() bool
Interrupted will return true if the transaction was interrupted
func (*Transaction) Interruption ¶
func (tx *Transaction) Interruption() *types.Interruption
func (*Transaction) IsProcessableResponseBody ¶
func (tx *Transaction) IsProcessableResponseBody() bool
IsProcessableResponseBody returns true if the response body meets the criteria to be processed; response headers must be set before calling it. The Content-Type response header must be in the SecRequestBodyMime list (presumably the response body MIME type list, cf. WAF.ResponseBodyMimeTypes; to be confirmed). This is used by web servers to choose whether to stream response buffers directly to the client or write them to Coraza.
func (*Transaction) MatchRule ¶
func (tx *Transaction) MatchRule(r *Rule, mds []types.MatchData)
MatchRule Matches a rule to be logged
func (*Transaction) MatchedRules ¶
func (tx *Transaction) MatchedRules() []types.MatchedRule
func (*Transaction) ParseRequestReader ¶
func (tx *Transaction) ParseRequestReader(data io.Reader) (*types.Interruption, error)
ParseRequestReader parses a binary request including its body; it only supports HTTP/1.1 and HTTP/1.0. This function does not run ProcessConnection. This function stores the whole reader in memory, so memory use grows with the size of the request it is given. DON'T USE IT FOR PRODUCTION yet.
func (*Transaction) ProcessConnection ¶
func (tx *Transaction) ProcessConnection(client string, cPort int, server string, sPort int)
ProcessConnection should be called at the very beginning of request processing; it is expected to be executed prior to the virtual host resolution, when the connection arrives on the server. Important: Remember to check for a possible intervention.
func (*Transaction) ProcessLogging ¶
func (tx *Transaction) ProcessLogging()
ProcessLogging logs all information relative to this transaction (an error log). At this point there is no need to hold the connection; the response can be delivered prior to the execution of this method.
func (*Transaction) ProcessRequestBody ¶
func (tx *Transaction) ProcessRequestBody() (*types.Interruption, error)
ProcessRequestBody performs the analysis on the request body (if any).
This method performs the analysis on the request body. Calling it is optional: if the API consumer already knows that there is no body to inspect, it is recommended to skip this step.
Remember to check for a possible intervention.
func (*Transaction) ProcessRequestHeaders ¶
func (tx *Transaction) ProcessRequestHeaders() *types.Interruption
ProcessRequestHeaders performs the analysis on the request headers.
This method performs the analysis on the request headers; note, however, that the headers must be added prior to the execution of this function.
note: Remember to check for a possible intervention.
func (*Transaction) ProcessResponseBody ¶
func (tx *Transaction) ProcessResponseBody() (*types.Interruption, error)
ProcessResponseBody performs the analysis on the response body (if any).
This method performs the analysis on the response body. Calling it is optional: if the API consumer already knows that there is no body to inspect, it is recommended to skip this step.
note: Remember to check for a possible intervention.
func (*Transaction) ProcessResponseHeaders ¶
func (tx *Transaction) ProcessResponseHeaders(code int, proto string) *types.Interruption
ProcessResponseHeaders performs the analysis on the response headers.
This method performs the analysis on the response headers; note, however, that the headers must be added prior to the execution of this function.
note: Remember to check for a possible intervention.
func (*Transaction) ProcessURI ¶
func (tx *Transaction) ProcessURI(uri string, method string, httpVersion string)
ProcessURI performs the analysis on the URI and all the query string variables. This method should be called at the very beginning of request processing; it is expected to be executed prior to the virtual host resolution, when the connection arrives on the server. note: There is no direct connection between this function and any of the SecLanguage phases. It is something that may occur between SecLanguage phases 1 and 2.
note: This function won't add GET arguments, they must be added with AddArgument
func (*Transaction) RemoveRuleByID ¶
func (tx *Transaction) RemoveRuleByID(id int)
RemoveRuleByID removes a rule from the transaction. It does not affect the WAF rules.
func (*Transaction) RemoveRuleTargetByID ¶
func (tx *Transaction) RemoveRuleTargetByID(id int, variable variables.RuleVariable, key string)
RemoveRuleTargetByID removes the VARIABLE:KEY target from the rule with the given ID. It is mostly used by CTL to dynamically remove targets from rules.
func (*Transaction) RequestBodyReader ¶
func (tx *Transaction) RequestBodyReader() (io.Reader, error)
func (*Transaction) RequestBodyWriter ¶
func (tx *Transaction) RequestBodyWriter() io.Writer
func (*Transaction) ResponseBodyReader ¶
func (tx *Transaction) ResponseBodyReader() (io.Reader, error)
func (*Transaction) ResponseBodyWriter ¶
func (tx *Transaction) ResponseBodyWriter() io.Writer
func (*Transaction) String ¶
func (tx *Transaction) String() string
func (*Transaction) Variables ¶
func (tx *Transaction) Variables() rules.TransactionVariables
type TransactionVariables ¶
type TransactionVariables struct {
// contains filtered or unexported fields
}
TransactionVariables has pointers to all the variables of the transaction
func NewTransactionVariables ¶
func NewTransactionVariables() *TransactionVariables
func (*TransactionVariables) Args ¶
func (v *TransactionVariables) Args() *collection.Proxy
func (*TransactionVariables) ArgsCombinedSize ¶
func (v *TransactionVariables) ArgsCombinedSize() *collection.SizeProxy
func (*TransactionVariables) ArgsGet ¶
func (v *TransactionVariables) ArgsGet() *collection.Map
func (*TransactionVariables) ArgsGetNames ¶
func (v *TransactionVariables) ArgsGetNames() *collection.TranslationProxy
func (*TransactionVariables) ArgsNames ¶
func (v *TransactionVariables) ArgsNames() *collection.TranslationProxy
func (*TransactionVariables) ArgsPath ¶
func (v *TransactionVariables) ArgsPath() *collection.Map
func (*TransactionVariables) ArgsPost ¶
func (v *TransactionVariables) ArgsPost() *collection.Map
func (*TransactionVariables) ArgsPostNames ¶
func (v *TransactionVariables) ArgsPostNames() *collection.TranslationProxy
func (*TransactionVariables) AuthType ¶
func (v *TransactionVariables) AuthType() *collection.Simple
func (*TransactionVariables) Duration ¶
func (v *TransactionVariables) Duration() *collection.Simple
func (*TransactionVariables) Env ¶
func (v *TransactionVariables) Env() *collection.Map
func (*TransactionVariables) Files ¶
func (v *TransactionVariables) Files() *collection.Map
func (*TransactionVariables) FilesCombinedSize ¶
func (v *TransactionVariables) FilesCombinedSize() *collection.Simple
func (*TransactionVariables) FilesNames ¶
func (v *TransactionVariables) FilesNames() *collection.Map
func (*TransactionVariables) FilesSizes ¶
func (v *TransactionVariables) FilesSizes() *collection.Map
func (*TransactionVariables) FilesTmpContent ¶
func (v *TransactionVariables) FilesTmpContent() *collection.Map
func (*TransactionVariables) FilesTmpNames ¶
func (v *TransactionVariables) FilesTmpNames() *collection.Map
func (*TransactionVariables) FullRequest ¶
func (v *TransactionVariables) FullRequest() *collection.Simple
func (*TransactionVariables) FullRequestLength ¶
func (v *TransactionVariables) FullRequestLength() *collection.Simple
func (*TransactionVariables) Geo ¶
func (v *TransactionVariables) Geo() *collection.Map
func (*TransactionVariables) HighestSeverity ¶
func (v *TransactionVariables) HighestSeverity() *collection.Simple
func (*TransactionVariables) IP ¶
func (v *TransactionVariables) IP() *collection.Map
func (*TransactionVariables) InboundDataError ¶
func (v *TransactionVariables) InboundDataError() *collection.Simple
func (*TransactionVariables) InboundErrorData ¶
func (v *TransactionVariables) InboundErrorData() *collection.Simple
func (*TransactionVariables) MatchedVar ¶
func (v *TransactionVariables) MatchedVar() *collection.Simple
func (*TransactionVariables) MatchedVarName ¶
func (v *TransactionVariables) MatchedVarName() *collection.Simple
func (*TransactionVariables) MatchedVars ¶
func (v *TransactionVariables) MatchedVars() *collection.Map
func (*TransactionVariables) MatchedVarsNames ¶
func (v *TransactionVariables) MatchedVarsNames() *collection.Map
func (*TransactionVariables) MultipartBoundaryQuoted ¶
func (v *TransactionVariables) MultipartBoundaryQuoted() *collection.Simple
func (*TransactionVariables) MultipartBoundaryWhitespace ¶
func (v *TransactionVariables) MultipartBoundaryWhitespace() *collection.Simple
func (*TransactionVariables) MultipartCrlfLfLines ¶
func (v *TransactionVariables) MultipartCrlfLfLines() *collection.Simple
func (*TransactionVariables) MultipartDataAfter ¶
func (v *TransactionVariables) MultipartDataAfter() *collection.Simple
func (*TransactionVariables) MultipartDataBefore ¶
func (v *TransactionVariables) MultipartDataBefore() *collection.Simple
func (*TransactionVariables) MultipartFileLimitExceeded ¶
func (v *TransactionVariables) MultipartFileLimitExceeded() *collection.Simple
func (*TransactionVariables) MultipartFilename ¶
func (v *TransactionVariables) MultipartFilename() *collection.Map
func (*TransactionVariables) MultipartHeaderFolding ¶
func (v *TransactionVariables) MultipartHeaderFolding() *collection.Simple
func (*TransactionVariables) MultipartInvalidHeaderFolding ¶
func (v *TransactionVariables) MultipartInvalidHeaderFolding() *collection.Simple
func (*TransactionVariables) MultipartInvalidPart ¶
func (v *TransactionVariables) MultipartInvalidPart() *collection.Simple
func (*TransactionVariables) MultipartInvalidQuoting ¶
func (v *TransactionVariables) MultipartInvalidQuoting() *collection.Simple
func (*TransactionVariables) MultipartLfLine ¶
func (v *TransactionVariables) MultipartLfLine() *collection.Simple
func (*TransactionVariables) MultipartMissingSemicolon ¶
func (v *TransactionVariables) MultipartMissingSemicolon() *collection.Simple
func (*TransactionVariables) MultipartName ¶
func (v *TransactionVariables) MultipartName() *collection.Map
func (*TransactionVariables) MultipartPartHeaders ¶
func (v *TransactionVariables) MultipartPartHeaders() *collection.Map
func (*TransactionVariables) MultipartStrictError ¶
func (v *TransactionVariables) MultipartStrictError() *collection.Simple
func (*TransactionVariables) MultipartUnmatchedBoundary ¶
func (v *TransactionVariables) MultipartUnmatchedBoundary() *collection.Simple
func (*TransactionVariables) OutboundDataError ¶
func (v *TransactionVariables) OutboundDataError() *collection.Simple
func (*TransactionVariables) PathInfo ¶
func (v *TransactionVariables) PathInfo() *collection.Simple
func (*TransactionVariables) QueryString ¶
func (v *TransactionVariables) QueryString() *collection.Simple
func (*TransactionVariables) RemoteAddr ¶
func (v *TransactionVariables) RemoteAddr() *collection.Simple
func (*TransactionVariables) RemoteHost ¶
func (v *TransactionVariables) RemoteHost() *collection.Simple
func (*TransactionVariables) RemotePort ¶
func (v *TransactionVariables) RemotePort() *collection.Simple
func (*TransactionVariables) RequestBasename ¶
func (v *TransactionVariables) RequestBasename() *collection.Simple
func (*TransactionVariables) RequestBody ¶
func (v *TransactionVariables) RequestBody() *collection.Simple
func (*TransactionVariables) RequestBodyError ¶
func (v *TransactionVariables) RequestBodyError() *collection.Simple
func (*TransactionVariables) RequestBodyErrorMsg ¶
func (v *TransactionVariables) RequestBodyErrorMsg() *collection.Simple
func (*TransactionVariables) RequestBodyLength ¶
func (v *TransactionVariables) RequestBodyLength() *collection.Simple
func (*TransactionVariables) RequestBodyProcessor ¶
func (v *TransactionVariables) RequestBodyProcessor() *collection.Simple
func (*TransactionVariables) RequestBodyProcessorError ¶
func (v *TransactionVariables) RequestBodyProcessorError() *collection.Simple
func (*TransactionVariables) RequestBodyProcessorErrorMsg ¶
func (v *TransactionVariables) RequestBodyProcessorErrorMsg() *collection.Simple
func (*TransactionVariables) RequestCookies ¶
func (v *TransactionVariables) RequestCookies() *collection.Map
func (*TransactionVariables) RequestCookiesNames ¶
func (v *TransactionVariables) RequestCookiesNames() *collection.Map
func (*TransactionVariables) RequestFilename ¶
func (v *TransactionVariables) RequestFilename() *collection.Simple
func (*TransactionVariables) RequestHeaders ¶
func (v *TransactionVariables) RequestHeaders() *collection.Map
func (*TransactionVariables) RequestHeadersNames ¶
func (v *TransactionVariables) RequestHeadersNames() *collection.Map
func (*TransactionVariables) RequestLine ¶
func (v *TransactionVariables) RequestLine() *collection.Simple
func (*TransactionVariables) RequestMethod ¶
func (v *TransactionVariables) RequestMethod() *collection.Simple
func (*TransactionVariables) RequestProtocol ¶
func (v *TransactionVariables) RequestProtocol() *collection.Simple
func (*TransactionVariables) RequestURI ¶
func (v *TransactionVariables) RequestURI() *collection.Simple
func (*TransactionVariables) RequestURIRaw ¶
func (v *TransactionVariables) RequestURIRaw() *collection.Simple
func (*TransactionVariables) RequestXML ¶
func (v *TransactionVariables) RequestXML() *collection.Map
func (*TransactionVariables) ResponseBody ¶
func (v *TransactionVariables) ResponseBody() *collection.Simple
func (*TransactionVariables) ResponseContentLength ¶
func (v *TransactionVariables) ResponseContentLength() *collection.Simple
func (*TransactionVariables) ResponseContentType ¶
func (v *TransactionVariables) ResponseContentType() *collection.Simple
func (*TransactionVariables) ResponseHeaders ¶
func (v *TransactionVariables) ResponseHeaders() *collection.Map
func (*TransactionVariables) ResponseHeadersNames ¶
func (v *TransactionVariables) ResponseHeadersNames() *collection.Map
func (*TransactionVariables) ResponseProtocol ¶
func (v *TransactionVariables) ResponseProtocol() *collection.Simple
func (*TransactionVariables) ResponseStatus ¶
func (v *TransactionVariables) ResponseStatus() *collection.Simple
func (*TransactionVariables) ResponseXML ¶
func (v *TransactionVariables) ResponseXML() *collection.Map
func (*TransactionVariables) Rule ¶
func (v *TransactionVariables) Rule() *collection.Map
func (*TransactionVariables) ServerAddr ¶
func (v *TransactionVariables) ServerAddr() *collection.Simple
func (*TransactionVariables) ServerName ¶
func (v *TransactionVariables) ServerName() *collection.Simple
func (*TransactionVariables) ServerPort ¶
func (v *TransactionVariables) ServerPort() *collection.Simple
func (*TransactionVariables) SessionID ¶
func (v *TransactionVariables) SessionID() *collection.Simple
func (*TransactionVariables) StatusLine ¶
func (v *TransactionVariables) StatusLine() *collection.Simple
func (*TransactionVariables) TX ¶
func (v *TransactionVariables) TX() *collection.Map
func (*TransactionVariables) UniqueID ¶
func (v *TransactionVariables) UniqueID() *collection.Simple
func (*TransactionVariables) UrlencodedError ¶
func (v *TransactionVariables) UrlencodedError() *collection.Simple
func (*TransactionVariables) UserID ¶
func (v *TransactionVariables) UserID() *collection.Simple
func (*TransactionVariables) XML ¶
func (v *TransactionVariables) XML() *collection.Map
type WAF ¶
// WAF stores the configuration and the rules used by the transactions
// created from it. Fields are exported but are meant to be set up front:
// the package documentation warns that updating them at runtime may create
// concurrency issues.
type WAF struct {
	// Rules is the rule group; it contains all rules and helpers.
	Rules RuleGroup

	// AuditEngine is the audit mode status.
	AuditEngine types.AuditEngineStatus

	// AuditLogParts is the array of logging parts to be used.
	AuditLogParts types.AuditLogParts

	// ContentInjection is the status of content injection for responses
	// and requests.
	ContentInjection bool

	// RequestBodyAccess, if true, gives transactions access to the request
	// body.
	// NOTE(review): when false, body-based rules presumably see no request
	// body at all; confirm before relying on them.
	RequestBodyAccess bool

	// RequestBodyLimit is the request body page file limit.
	// Units are not stated here; presumably bytes (TODO confirm).
	RequestBodyLimit int64

	// RequestBodyInMemoryLimit is the request body in-memory limit.
	RequestBodyInMemoryLimit int64

	// ResponseBodyAccess, if true, gives transactions access to the
	// response body.
	ResponseBodyAccess bool

	// ResponseBodyLimit is the response body memory limit.
	ResponseBodyLimit int64

	// RuleEngine defines if rules are going to be evaluated.
	RuleEngine types.RuleEngineStatus

	// RejectOnResponseBodyLimit, if true, makes the transaction fail when
	// the response size is bigger than the page limit.
	RejectOnResponseBodyLimit bool

	// RejectOnRequestBodyLimit, if true, makes the transaction fail when
	// the request size is bigger than the page limit.
	// NOTE(review): what happens to an oversized body when this is false is
	// not stated here. Confirm whether the part beyond the limit is left
	// uninspected (see also RequestBodyLimitAction).
	RejectOnRequestBodyLimit bool

	// ResponseBodyMimeTypes lists the MIME types for which responses are
	// loaded; responses are only loaded if their MIME type is listed here.
	ResponseBodyMimeTypes []string

	// WebAppID is the web application id. Apps sharing the same id will
	// share persistent collections.
	WebAppID string

	// ComponentNames adds significant rule components to the audit log.
	ComponentNames []string

	// AuditLogRelevantStatus contains the regular expression for relevant
	// status audit logging.
	AuditLogRelevantStatus *regexp.Regexp

	// AbortOnRemoteRulesFail, if true, makes the WAF engine fail when
	// remote rules cannot be loaded.
	// NOTE(review): when false the engine presumably continues without
	// those rules, i.e. with reduced coverage; confirm.
	AbortOnRemoteRulesFail bool

	// ServerSignature instructs the WAF to change the Server response
	// header.
	ServerSignature string

	// TmpDir is the directory used to store page files.
	// NOTE(review): page files presumably hold buffered body data, so the
	// directory's permissions matter; confirm.
	TmpDir string

	// SensorID identifies the sensor in a cluster.
	SensorID string

	// DataDir is the path to store data files (e.g. cache).
	DataDir string

	// UploadKeepFiles, if true, makes the WAF store the uploaded files in
	// the UploadDir directory.
	UploadKeepFiles bool

	// UploadFileMode instructs the WAF to set the file mode for uploaded
	// files.
	// NOTE(review): stored uploads are client-supplied content, so a
	// restrictive mode is the safer choice; confirm the default.
	UploadFileMode fs.FileMode

	// UploadFileLimit is the maximum size of the uploaded file to be
	// stored.
	UploadFileLimit int

	// UploadDir is the directory where the uploaded files will be stored.
	UploadDir string

	// RequestBodyNoFilesLimit is undocumented in the original; presumably
	// a limit on the request body excluding uploaded files (TODO confirm).
	RequestBodyNoFilesLimit int64

	// RequestBodyLimitAction is undocumented in the original; presumably
	// selects what is done when the request body exceeds RequestBodyLimit
	// (TODO confirm against types.RequestBodyLimitAction).
	RequestBodyLimitAction types.RequestBodyLimitAction

	// ArgumentSeparator is undocumented in the original; presumably the
	// separator used when splitting URL-encoded arguments (TODO confirm).
	ArgumentSeparator string

	// ProducerConnector is used by connectors to identify the producer
	// on audit logs, for example, apache-modcoraza.
	ProducerConnector string

	// ProducerConnectorVersion is used by connectors to identify the
	// producer version on audit logs.
	ProducerConnectorVersion string

	// Logger is used for the debug logger.
	Logger loggers.DebugLogger

	// ErrorLogCb is the error logging callback; SetErrorLogCb sets it.
	// NOTE(review): the error data handed to the callback may include
	// request-derived values; presumably the callback should escape them
	// before writing log lines (confirm).
	ErrorLogCb ErrorLogCallback

	// AuditLogWriter is used to write audit logs.
	AuditLogWriter loggers.LogWriter
}
A WAF instance stores configurations and rules. Every web application should have a different WAF instance, but you can share an instance if you are OK with sharing configurations, rules and logging. Transactions and the SecLang parser require a WAF instance. You can use as many WAF instances as you want, and they are safe for concurrent use. All WAF instance fields must be treated as immutable: if you update any of them at runtime you might create concurrency issues.
func (*WAF) NewTransaction ¶
func (w *WAF) NewTransaction() *Transaction
NewTransaction creates a new initialized transaction for this WAF instance.
func (*WAF) NewTransactionWithID ¶
func (w *WAF) NewTransactionWithID(id string) *Transaction
func (*WAF) SetDebugLogLevel ¶
SetDebugLogLevel changes the debug level of the WAF instance
func (*WAF) SetDebugLogPath ¶
SetDebugLogPath sets the path for the debug log. If the path is empty, the debug log will be disabled. Note: this is not thread safe.
func (*WAF) SetErrorLogCb ¶
func (w *WAF) SetErrorLogCb(cb ErrorLogCallback)
SetErrorLogCb sets the callback function for error logging. The error callback receives all the error data and some helpers to write ModSecurity-style logs.