Parsing args in URIs and request body and matching them in the Generic Matching Engine
#24.615 geöffnet am 18. Dez. 2022
Repository-Metriken
- Stars
- (27.997 Stars)
- PR-Merge-Metriken
- (Durchschn. Merge 8T) (378 gemergte PRs in 30 T)
Beschreibung
The Ability to Parse Args Is Essential for a WAF
We, Curiefense maintainers, willing to extend Generic Matching so it can act as de-facto Native WAF for Envoy users.
The vision is simple: Curiefense users will be able to activate the security policy in a given runnign environemtn, using generic-matching, since the rules will be renderd as such.
We have work on a PoC that already has the capabilitied to do so (attached yaml), yet, without the ability to parse and match entries in the queryString and request body, the WAF cannot be considered useful.
The table below describe the current capabilities and the missing ones, and tagged them with their priority (P1..P4)
Capabilities map
| Function | y/n | Remarks |
|---|---|---|
| Match headers | Yes | |
| Match CIDR | Yes | |
| Query string args | No | P1 |
| Body args | No | P1 form-url-encoded and multipart |
| JSON body | No | P2 nested structures |
| GraphQL body | No | P3 |
| XML body | No | P4 |
| Geo, ASN, IP INfo | No | Require MaxMind integration |
So far, we have added support for the following Curiefense policy generation * WAF rules (signatures) * Global filters tagging * ACL
Curiefense team involved: