Skip to content
Higress 助力各行各业安全可靠接入DeepSeekKnow more
Latest
PLUGIN
HIGRESS CLOUD
BLOG
COMMUNITY
COMMUNITY Report a doc issue Contribute community Contributors
Resources Blog E-book
Higress case

API赋能AI,AI网关零代码解决AI幻觉问题

READ ARTICLE
Higress case

Higress 发布 v1.4,开放 AI 网关能力,增强云原生能力

READ ARTICLE
CONTACT US
GitHub
DingDing
DEVELOPER
DEMO
FAQ
EN

WAF

Function Description

The waf plugin implements a ModSecurity-based rule protection engine, which can block suspicious requests based on user-defined rules, and supports OWASP CRS, providing basic protection features for the site.

Running Attributes

Plugin execution phase: authorization phase
Plugin execution priority: 330

Configuration Fields

NameData TypeFilling RequirementsDefault ValueDescription
useCRSboolOptionalfalseWhether to enable OWASP CRS, for details refer to coreruleset
secRulesarray of stringOptional-User-defined WAF protection rules, syntax rules can refer to ModSecurity Chinese Manual

Configuration Example

useCRS: true
secRules:
  - "SecDebugLogLevel 3"
  - "SecRuleEngine On"
  - "SecAction \"id:100,phase:1,pass\""
  - "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\""
  - "SecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\""

Based on this configuration, the following requests will be prohibited from access:

Terminal window
curl http://example.com/admin
curl http://example.com -d "maliciouspayload"