Fixed PR note & minor updates

corazawaf · Aug 4, 2023 · 3006a45 · 3006a45
1 parent 79d7742
commit 3006a45
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 21 deletions.
diff --git a/config.yaml.default b/config.yaml.default
@@ -34,7 +34,7 @@ applications:
     # The maximum number of transactions which can be cached
     transaction_active_limit: 100000
 
-    # Deprecated, doesn't work
+    # Deprecated, doesn't work. Use root.log.level
     log_level: info
-    # Deprecated, doesn't work
+    # Deprecated, doesn't work. Use root.log.file
     log_file: /dev/stdout
diff --git a/config/config.go b/config/config.go
@@ -70,7 +70,7 @@ func validateConfig() error {
 	log.Info().Msgf("Loading %d applications", len(Global.Applications))
 
 	for name, app := range Global.Applications {
-		log.Debug().Msgf("Validating %s application config", name)
+		log.Debug().Str("name", name).Msg("Validating application config")
 
 		// Deprecated: #70: use Config.Log.Level to set up application logging or SecDebugLogLevel to set up Coraza logging
 		if app.LogLevel != "" {

diff --git a/doc/config/haproxy.cfg b/doc/config/haproxy.cfg
@@ -6,18 +6,20 @@ defaults
     log global
     option httplog
     timeout client 1m
-	timeout server 1m
-	timeout connect 10s
-	timeout http-keep-alive 2m
-	timeout queue 15s
-	timeout tunnel 4h  # for websocket
+    timeout server 1m
+    timeout connect 10s
+    timeout http-keep-alive 2m
+    timeout queue 15s
+    timeout tunnel 4h  # for websocket
 
 frontend test
     mode http
     bind *:80
 
     unique-id-format %[uuid()]
     unique-id-header X-Unique-ID
+    log-format "%ci:%cp\ [%t]\ %ft\ %b/%s\ %Th/%Ti/%TR/%Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ %ID\ waf-action:\ %[var(txn.coraza.action)]\ spoe-error:\ %[var(txn.coraza.error)]\ spoa-error:\ %[var(txn.coraza.err_code)]\ %[var(txn.coraza.err_msg)]"
+
     filter spoe engine coraza config /etc/haproxy/coraza.cfg
 
     # Currently haproxy cannot use variables to set the code or deny_status, so this needs to be manually configured here
@@ -30,10 +32,14 @@ frontend test
     http-request silent-drop if { var(txn.coraza.action) -m str drop }
     http-response silent-drop if { var(txn.coraza.action) -m str drop }
 
-    # Deny in case of an error, when processing with the Coraza SPOA
+    # Deny in case of an error, when processing with the Coraza SPOE
     http-request deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 }
     http-response deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 }
 
+    # Deny in case of an error, when processing with the Coraza SPOA
+    http-request deny deny_status 504 if { var(txn.coraza.err_code) -m int gt 0 }
+    http-response deny deny_status 504 if { var(txn.coraza.err_code) -m int gt 0 }
+
     use_backend test_backend
 
 backend test_backend

diff --git a/docker/haproxy/haproxy.cfg b/docker/haproxy/haproxy.cfg
@@ -6,11 +6,11 @@ defaults
     log global
     option httplog
     timeout client 1m
-	  timeout server 1m
-	  timeout connect 10s
-	  timeout http-keep-alive 2m
-	  timeout queue 15s
-	  timeout tunnel 4h  # for websocket
+    timeout server 1m
+    timeout connect 10s
+    timeout http-keep-alive 2m
+    timeout queue 15s
+    timeout tunnel 4h  # for websocket
 
 frontend stats
     mode http

diff --git a/internal/spoa.go b/internal/spoa.go
@@ -161,8 +161,7 @@ func New(conf *config.Config) (*SPOA, error) {
 
 		waf, err := coraza.NewWAF(wafConf)
 		if err != nil {
-			log.Error().Err(err).Str("app", name).Msg("Unable to create WAF instance")
-			return nil, err
+			return nil, fmt.Errorf("Unable to create WAF instance. app:%s, err:%w", name, err)
 		}
 
 		app := &application{

diff --git a/log/log.go b/log/log.go
@@ -41,10 +41,10 @@ func InitLogging(file, level, spoeLevel string) {
 	currentLevel := Logger.GetLevel()
 	targetLevel, err := zerolog.ParseLevel(level)
 	if err != nil {
-		Error().Err(err).Msgf("Can't parse log level, using %v log level", currentLevel)
+		Error().Err(err).Msgf("Can't parse log level, using '%v' log level", currentLevel)
 
 	} else if targetLevel < currentLevel {
-		Debug().Msgf("Setting up %v log level", targetLevel)
+		Debug().Msgf("Setting up '%v' log level", targetLevel)
 		logger = logger.Level(targetLevel)
 	}
 
@@ -54,18 +54,18 @@ func InitLogging(file, level, spoeLevel string) {
 	currentSpoeLevel := spoelog.GetLevel()
 	targetSpoeLevel, err := spoelog.ParseLevel(spoeLevel)
 	if err != nil {
-		Error().Err(err).Msgf("Can't parse SPOE log level, using %v log level", currentSpoeLevel)
+		Error().Err(err).Msgf("Can't parse SPOE log level, using '%v' log level", currentSpoeLevel)
 
 	} else {
-		Debug().Msgf("Setting up %v SPOE log level", targetSpoeLevel)
+		Debug().Msgf("Setting up '%v' SPOE log level", targetSpoeLevel)
 		spoelog.SetLevel(targetSpoeLevel)
 	}
 }
 
 func SetDebug(debug bool) {
 	if debug && Logger.GetLevel() != zerolog.DebugLevel {
 		Logger = Logger.Level(zerolog.DebugLevel)
-		Debug().Msgf("Using %v log level", zerolog.DebugLevel)
+		Debug().Msgf("Using '%v' log level", zerolog.DebugLevel)
 	}
 }