Parsing args in URIs and request body and matching them in the Generic Matching Engine
#24 615 ouverte le 18 déc. 2022
Métriques du dépôt
- Stars
- (27 997 stars)
- Métriques de merge PR
- (Merge moyen 8j) (378 PRs mergées en 30 j)
Description
The Ability to Parse Args Is Essential for a WAF
We, Curiefense maintainers, willing to extend Generic Matching so it can act as de-facto Native WAF for Envoy users.
The vision is simple: Curiefense users will be able to activate the security policy in a given runnign environemtn, using generic-matching, since the rules will be renderd as such.
We have work on a PoC that already has the capabilitied to do so (attached yaml), yet, without the ability to parse and match entries in the queryString and request body, the WAF cannot be considered useful.
The table below describe the current capabilities and the missing ones, and tagged them with their priority (P1..P4)
Capabilities map
| Function | y/n | Remarks |
|---|---|---|
| Match headers | Yes | |
| Match CIDR | Yes | |
| Query string args | No | P1 |
| Body args | No | P1 form-url-encoded and multipart |
| JSON body | No | P2 nested structures |
| GraphQL body | No | P3 |
| XML body | No | P4 |
| Geo, ASN, IP INfo | No | Require MaxMind integration |
So far, we have added support for the following Curiefense policy generation * WAF rules (signatures) * Global filters tagging * ACL
Curiefense team involved: