Of course, it would be a pleasure, but I still couldn't get it to work. 
Following Igor's script I even managed to build it, but it is generating the 
following log.

------------------- begin ---------------------
1588299971.657027 [07] 0 clients connected
1588299971.657000 [09] 0 clients connected
1588299974.851659 [00] <1> New Client connection accepted and assigned to worker 01
1588299974.851698 [01] <1> read_frame_cb
1588299974.851765 [01] <1> New Frame of 129 bytes received
1588299974.851774 [01] <1> Decode HAProxy HELLO frame
1588299974.851777 [01] <1> Supported versions : 2.0
1588299974.851779 [01] <1> HAProxy maximum frame size : 16380
1588299974.851780 [01] <1> HAProxy capabilities : pipelining,async
1588299974.851789 [01] <1> HAProxy supports frame pipelining
1588299974.851797 [01] <1> HAProxy supports asynchronous frame
1588299974.851800 [01] <1> HAProxy engine id : a9dd7313-bb7e-46e2-a50e-5987dfa4f0d2
1588299974.851803 [01] <1> Encode Agent HELLO frame
1588299974.851810 [01] <1> Agent version : 2.0
1588299974.851813 [01] <1> Agent maximum frame size : 16380
1588299974.851816 [01] <1> Agent capabilities : 
1588299974.851830 [01] <1> write_frame_cb
1588299974.851856 [01] <1> Frame of 54 bytes send
1588299974.851905 [01] <1> read_frame_cb
1588299974.851916 [01] <1> New Frame of 617 bytes received
1588299974.851925 [01] <1> Decode HAProxy NOTIFY frame
1588299974.851927 [01] <1> STREAM-ID=12 - FRAME-ID=1 - unfragmented frame received - frag_len=0 - len=617 - offset=7
1588299974.851938 [01] Process frame messages : STREAM-ID=12 - FRAME-ID=1 - length=610 bytes
1588299974.851946 [01] Process SPOE Message 'check-request'
1588299974.852077 [01] Encode Agent ACK frame
1588299974.852088 [01] STREAM-ID=12 - FRAME-ID=1
1588299974.852090 [01] Add action : set variable code=4294967195
1588299974.852098 [01] <1> write_frame_cb
1588299974.852125 [01] <1> Frame of 30 bytes send
1588299976.656052 [01] 1 clients connected
1588299976.657844 [04] 0 clients connected
1588299976.657858 [02] 0 clients connected

----------------------
1588300001.660228 [08] 0 clients connected
1588300001.660241 [09] 0 clients connected
1588300001.660250 [01] 1 clients connected
1588300004.852590 [01] <1> read_frame_cb
1588300004.852619 [01] <1> New Frame of 49 bytes received
1588300004.852632 [01] <1> Decode HAProxy DISCONNECT frame
1588300004.852640 [01] <1> Disconnect status code : 2
1588300004.852647 [01] <1> Disconnect message : a timeout occurred
1588300004.852653 [01] <1> Peer closed connection: a timeout occurred
1588300004.852660 [01] <1> Encode Agent DISCONNECT frame
1588300004.852666 [01] <1> Disconnect status code : 2
1588300004.852671 [01] <1> Disconnect message : a timeout occurred
1588300004.852685 [01] <1> write_frame_cb
1588300004.852694 [01] Failed to write frame length : Broken pipe
1588300004.852704 [01] <1> Release client
1588300006.655592 [08] 0 clients connected
1588300006.655676 [09] 0 clients connected
1588300006.655608 [03] 0 clients connected
1588300006.655685 [01] 0 clients connected
---------------------------

Any idea?

When I compile with the new version it shows me the following message:


config.status: executing depfiles commands
config.status: executing libtool commands
configure: WARNING: unrecognized options: --disable-apache2-module, --enable-standalone-module, --enable-pcre-study, --enable-pcre-jit, --with-apxs
 
 
my config:

---------- haproxy.cfg--------
global
 maxconn 50000
 user haproxy

defaults

 timeout connect 10s
 timeout client 30s
 timeout server 30s
 mode http
 maxconn 3000

frontend my-front
 bind 0.0.0.0:80
 mode http
 filter spoe engine modsecurity config /opt/haproxy/spoe-modsecurity.conf
 http-request deny if { var(txn.modsec.code) -m int gt 0 }
 default_backend webservers


backend spoe-modsecurity
 mode tcp
 server modsec-spoa1 192.168.10.120:12345

backend webservers
 mode http
 balance roundrobin
 server web1 192.168.10.81:80 check

--------------------------

------------- spoe-modsecurity.conf ------

[modsecurity]
spoe-agent modsecurity-agent
 messages check-request
 option var-prefix modsec
 timeout hello 100ms
 timeout idle 30s
 timeout processing 15ms
 use-backend spoe-modsecurity
spoe-message check-request
 args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
 event on-frontend-http-request

-----------------

--------modsecurity.conf----------
SecStatusEngine On
SecRuleEngine On
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
 "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQUEST_HEADERS:Content-Type "application/json" \
 "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction Reject
SecRule REQBODY_ERROR "!@eq 0" \
"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,status:400, \
msg:'Multipart request body failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
DB %{MULTIPART_DATA_BEFORE}, \
DA %{MULTIPART_DATA_AFTER}, \
HF %{MULTIPART_HEADER_FOLDING}, \
LF %{MULTIPART_LF_LINE}, \
SM %{MULTIPART_MISSING_SEMICOLON}, \
IQ %{MULTIPART_INVALID_QUOTING}, \
IP %{MULTIPART_INVALID_PART}, \
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecRule TX:/^MSC_/ "!@streq 0" \
 "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
SecDebugLog /opt/modsecurity/var/log/debug.log
SecDebugLogLevel 3
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/modsec_audit.log
SecAuditLogStorageDir /opt/modsecurity/var/audit/
SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127

----------------------------

Any idea?

Regards.

On Sunday, April 26, 2020 08:55:33 GMT-4, Илья Шипицин 
<[email protected]> wrote:  
 
 

Sun, 26 Apr 2020 at 06:37, Ricardo Barbosa <[email protected]>:

Hello everyone, everything good? I'm studying how to enable the modsecurity 
module, but I don't know how the compilation process is done.

I found this link 
https://github.com/haproxy/haproxy/tree/master/contrib/modsecurity. but I 
didn't understand how to do it, I downloaded the source code of haproxy and in 
the file called INSTALL, the instructions are to run the make command, followed 
by the "TARGET" parameter, using one of the following options:

linux-glibc, linux-glibc-legacy, solaris, freebsd, openbsd, netbsd, cygwin, 
haiku, aix51, aix52, aix72-gcc, osx, generic, custom.

for example:

make TARGET=linux-glibc

However, there is no configure script to execute and follow the instructions 
on the website above. Does anyone have any idea how to do this?



Indeed, there are instructions on the mentioned page (it is the README file). 
It is a pity it is not clear; can you help to improve it?
 

Best Regards


  
