envoyproxy/envoy

Parsing args in URIs and request body and matching them in the Generic Matching Engine

Open

#24,615 opened on 2022年12月18日

GitHub で見る
 (5 comments) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/matchinghelp wanted

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (平均マージ 8d) (30d で 378 merged PRs)

説明

The Ability to Parse Args Is Essential for a WAF

We, Curiefense maintainers, willing to extend Generic Matching so it can act as de-facto Native WAF for Envoy users.

The vision is simple: Curiefense users will be able to activate the security policy in a given runnign environemtn, using generic-matching, since the rules will be renderd as such.

We have work on a PoC that already has the capabilitied to do so (attached yaml), yet, without the ability to parse and match entries in the queryString and request body, the WAF cannot be considered useful.

The table below describe the current capabilities and the missing ones, and tagged them with their priority (P1..P4)

Capabilities map

Function y/n Remarks
Match headers Yes
Match CIDR Yes
Query string args No P1
Body args No P1 form-url-encoded and multipart
JSON body No P2 nested structures
GraphQL body No P3
XML body No P4
Geo, ASN, IP INfo No Require MaxMind integration

So far, we have added support for the following Curiefense policy generation * WAF rules (signatures) * Global filters tagging * ACL

Curiefense team involved:

コントリビューターガイド