Skip to content
铭师堂的云原生升级实践Know more

WAF

Function Description

The waf plugin implements a ModSecurity-based rule protection engine, which can block suspicious requests based on user-defined rules, and supports OWASP CRS, providing basic protection features for the site.

Running Attributes

Plugin execution phase: authorization phase
Plugin execution priority: 330

Configuration Fields

NameData TypeFilling RequirementsDefault ValueDescription
useCRSboolOptionalfalseWhether to enable OWASP CRS, for details refer to coreruleset
secRulesarray of stringOptional-User-defined WAF protection rules, syntax rules can refer to ModSecurity Chinese Manual

Configuration Example

useCRS: true
secRules:
- "SecDebugLogLevel 3"
- "SecRuleEngine On"
- "SecAction \"id:100,phase:1,pass\""
- "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\""
- "SecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\""

Based on this configuration, the following requests will be prohibited from access:

Terminal window
curl http://example.com/admin
curl http://example.com -d "maliciouspayload"