Parsing args in URIs and request body and matching them in the Generic Matching Engine
#24,615 创建于 2022年12月18日
仓库指标
- Star
- (27,997 star)
- PR 合并指标
- (平均合并 8天) (30 天内合并 378 个 PR)
描述
The Ability to Parse Args Is Essential for a WAF
We, Curiefense maintainers, willing to extend Generic Matching so it can act as de-facto Native WAF for Envoy users.
The vision is simple: Curiefense users will be able to activate the security policy in a given runnign environemtn, using generic-matching, since the rules will be renderd as such.
We have work on a PoC that already has the capabilitied to do so (attached yaml), yet, without the ability to parse and match entries in the queryString and request body, the WAF cannot be considered useful.
The table below describe the current capabilities and the missing ones, and tagged them with their priority (P1..P4)
Capabilities map
| Function | y/n | Remarks |
|---|---|---|
| Match headers | Yes | |
| Match CIDR | Yes | |
| Query string args | No | P1 |
| Body args | No | P1 form-url-encoded and multipart |
| JSON body | No | P2 nested structures |
| GraphQL body | No | P3 |
| XML body | No | P4 |
| Geo, ASN, IP INfo | No | Require MaxMind integration |
So far, we have added support for the following Curiefense policy generation * WAF rules (signatures) * Global filters tagging * ACL
Curiefense team involved: