> On 11 Apr 2017, at 11:24, Olivier Doucet <webmas...@ajeux.com> wrote:
> 
> Hi Thierry,
> 
> 2017-04-11 10:49 GMT+02:00 Thierry Fournier <thierry.fourn...@ozon.io>:
> Hi list
> 
> I join one usage of HAProxy / SPOE, it is WAF offloading.
> 
> These patches are a first version; they have some limitations described
> in the README file in the directory contrib/modsecurity.
> 
>  - Christopher, please check the patch "BUG/MINOR", it is about spoe
>    functions.
> 
>  - The example of ModSecurity compilation can be improved. It is based
>    on my local distro.
> 
> Feedback is welcome.
> 
> Nice work for a first version! I definitely see what great production usage
> could be done with it.

thanks.

> Your README file references several issues in ModSecurity itself; this is not
> something I would expect from such widely used software …


If you're talking about the "ModSecurity bugs" section, you must keep in mind that
ModSecurity is written for Apache. The integration in HAProxy or NGINX is not
"natural" for this software. (I hope that V3 will embed a more compatible
API.)

The first bug is maybe due to my build system. The first time, I compiled my own
version of APR, and maybe it is caused by a bad compile parameter. The second
time, I used the APR from the system, and I have the same bug.

I have found some posts on the Internet about this bug, but no way to fix it.
I suppose that this bug does not occur with Apache. The configuration way to
avoid this bug is using this conf: "SecAuditLogType Concurrent"

The second bug is observed only with HAProxy and NGINX. ModSecurity with
Apache doesn't have this bug. It will be avoided by not using wildcards. So,
you can list each included configuration file.


> What happened if for some reason modSecurity does not answer in the timeout 
> defined ?


Good question. I suppose that the answer is around the SPOE timeouts.


> What happened if modsecurity throws an error ?


The variable "txn.modsec.code" is not set. So this variable is set to 0 if all
is good, not set if an error occurs, or it contains the recommended HTTP
return code.

Thierry


> Olivier
> 
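An added example, not from the patch or its README, of how the SPOE wiring and the three states of txn.modsec.code described above could be consumed in HAProxy: the engine/agent/backend names, the message args and all addresses and timeouts are assumptions.

```haproxy
# --- haproxy.cfg (excerpt) ---
frontend www
    bind *:80
    mode http
    # Every request is handed to the SPOE engine "modsecurity" (assumed name);
    # its agent is defined in spoe-modsecurity.conf below.
    filter spoe engine modsecurity config spoe-modsecurity.conf

    # txn.modsec.code is 0 when the request is clean, the recommended HTTP
    # status when ModSecurity wants it blocked, and absent when the agent
    # returned an error or did not answer within "timeout processing".
    # Fail closed: an absent verdict is refused as well. Drop this one line
    # to fail open if availability matters more than inspection.
    http-request deny if ! { var(txn.modsec.code) -m found }
    # Block whatever ModSecurity flagged with a non-zero status.
    http-request deny if { var(txn.modsec.code) -m int gt 0 }
    default_backend app

backend app
    mode http
    server app1 127.0.0.1:8080

# Backend used by the SPOE engine to reach the ModSecurity agent process.
backend spoe-modsecurity
    mode tcp
    timeout connect 5s
    timeout server  3s
    server modsec1 127.0.0.1:12345

# --- spoe-modsecurity.conf ---
[modsecurity]
spoe-agent modsecurity-agent
    messages check-request
    # Variables set by the agent become txn.modsec.<name>.
    option var-prefix modsec
    # Bounds how long HAProxy waits for a verdict; on expiry no variable is
    # set, so the frontend rules above decide the outcome.
    timeout hello      100ms
    timeout idle       30s
    timeout processing 1s
    use-backend spoe-modsecurity

spoe-message check-request
    # Assumed argument list; it must match what the agent expects.
    args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
    event on-frontend-http-request
```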

