bryancall opened a new pull request, #12740: URL: https://github.com/apache/trafficserver/pull/12740
This plugin provides streaming body content inspection with configurable pattern matching and actions. It can be used to detect and mitigate CVE exploits and other malicious content patterns. ## Features - YAML-based configuration with rule definitions using filter/action schema - Header-based filtering (AND logic between headers, OR within patterns) - Case-insensitive header matching, case-sensitive body patterns - Configurable actions per rule: log, block, add_header (with multiple headers) - Support for both request and response body inspection - Streaming transform with lookback buffer for cross-boundary patterns - Optional max_content_length to skip large bodies - Configurable HTTP methods (request) and status codes (response) - Per-rule metrics counters for monitoring matches - Support for `<rule_name>` substitution in header values ## Actions - **log**: Log pattern matches via TSError - **block**: Set 403 Forbidden status and return error response - **add_header**: Add custom headers to server request or client response ## Includes - Comprehensive RST documentation - README.md quick reference - ATSReplayTest autests for request/response filtering scenarios Co-authored-by: Brian Neradt <[email protected]> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
