feat: support chaitin-waf plugin #9838
Conversation
Signed-off-by: Ling Samuel (WSL) <lingsamuelgrace@gmail.com>
Signed-off-by: Ling Samuel (WSL) <lingsamuelgrace@gmail.com>
Signed-off-by: Ling Samuel (WSL) <lingsamuelgrace@gmail.com>
Signed-off-by: Ling Samuel (WSL) <lingsamuelgrace@gmail.com>
Signed-off-by: Ling Samuel (WSL) <lingsamuelgrace@gmail.com>
lingsamuel
requested review from
kingluo,
monkeyDluffy6017,
leslie-tsang and
AlinsRan
| 404 page not found | ||
| ``` | ||
|
|
||
| 当满足匹配条件时,正常请求依然可以触达: |
apisix/plugins/chaitin-waf.lua
Outdated
|
|
||
| local function get_conf(conf, metadata) | ||
| local t = { | ||
| mode = "block", -- block or monitor or off, default off |
|
|
||
| if conf.match then | ||
| for _, match in ipairs(conf.match) do | ||
| local exp, err = expr.new(match.vars) |
There was a problem hiding this comment.
Can we cache the result of expression compilation?
There was a problem hiding this comment.
We will do it after this pr
apisix/plugins/chaitin-waf.lua
Outdated
| config = { | ||
| type = "object", | ||
| properties = { | ||
| -- connect timeout, in milliseconds, integer, default 1s (1000ms) |
There was a problem hiding this comment.
Annotation looks unnecessary
There was a problem hiding this comment.
let's move it to the properties item desc?
| type = "object", | ||
| properties = { | ||
| host = { | ||
| type = "string", |
There was a problem hiding this comment.
It is recommended to use a stricter schema definition. https://github.com/apache/apisix/blob/master/apisix/schema_def.lua#L40
t/plugin/chaitin-waf-reject.t
Outdated
| - 9200 | ||
| - "127.0.0.1:9201" | ||
| plugins: | ||
| - chaitin-waf |
There was a problem hiding this comment.
The plugin has been enabled by default, there is no need to add it separately
apisix/plugins/chaitin-waf.lua
Outdated
| config = { | ||
| type = "object", | ||
| properties = { | ||
| -- connect timeout, in milliseconds, integer, default 1s (1000ms) |
There was a problem hiding this comment.
let's move it to the properties item desc?
| {"code": 403, "success":false, "message": "blocked by Chaitin SafeLine Web Application Firewall", "event_id": "51a268653f2c4189bfa3ec66afbcb26d"} | ||
| ``` | ||
|
|
||
| ## Disable Plugin |
There was a problem hiding this comment.
| ## Disable Plugin | |
| ## Delete Plugin |
This sections of all plugin docs (en/zh) have been corrected previously. Reference to the latest here: https://apisix.apache.org/docs/apisix/next/plugins/response-rewrite/#delete-plugin
|
|
||
| ## Disable Plugin | ||
|
|
||
| To disable the `chaitin-waf` plugin, remove the plugin configuration in the plugin configuration: |
There was a problem hiding this comment.
| To disable the `chaitin-waf` plugin, remove the plugin configuration in the plugin configuration: | |
| To remove the `chaitin-waf` plugin, delete the the corresponding JSON configuration from the Plugin configuration: |
| {"code": 403, "success":false, "message": "blocked by Chaitin SafeLine Web Application Firewall", "event_id": "51a268653f2c4189bfa3ec66afbcb26d"} | ||
| ``` | ||
|
|
||
| ## 禁用插件 |
| | add_header | bool | false | true | Whether to add response headers | | ||
| | add_debug_header | bool | false | false | Whether or not to add debugging headers, effective when `add_header` is `true`. | | ||
| | config | object | false | | Configuration of the Chaitin SafeLine WAF service. When the route is not configured, the parameters configured in the metadata are used. | | ||
| | config.connect_timeout | integer | false | | connect timeout, in milliseconds, integer | |
There was a problem hiding this comment.
| | config.connect_timeout | integer | false | | connect timeout, in milliseconds, integer | | |
| | config.connect_timeout | integer | false | | connect timeout, in milliseconds | |
Same for below. Remove all integer from the description as the data types have already been specified in Type.
Description
Fixes # (issue)
Checklist