From 3006a454e95f8bf31ed71c8ddab0bac824bab19e Mon Sep 17 00:00:00 2001 From: Thomas Anderson <127358482+zc-devs@users.noreply.github.com> Date: Fri, 4 Aug 2023 15:07:30 +0300 Subject: [PATCH] Fixed PR note & minor updates --- config.yaml.default | 4 ++-- config/config.go | 2 +- doc/config/haproxy.cfg | 18 ++++++++++++------ docker/haproxy/haproxy.cfg | 10 +++++----- internal/spoa.go | 3 +-- log/log.go | 10 +++++----- 6 files changed, 26 insertions(+), 21 deletions(-) diff --git a/config.yaml.default b/config.yaml.default index 1fb3f87..eda6a49 100644 --- a/config.yaml.default +++ b/config.yaml.default @@ -34,7 +34,7 @@ applications: # The maximum number of transactions which can be cached transaction_active_limit: 100000 - # Deprecated, doesn't work + # Deprecated, doesn't work. Use root.log.level log_level: info - # Deprecated, doesn't work + # Deprecated, doesn't work. Use root.log.file log_file: /dev/stdout \ No newline at end of file diff --git a/config/config.go b/config/config.go index 25f979e..490b5de 100644 --- a/config/config.go +++ b/config/config.go @@ -70,7 +70,7 @@ func validateConfig() error { log.Info().Msgf("Loading %d applications", len(Global.Applications)) for name, app := range Global.Applications { - log.Debug().Msgf("Validating %s application config", name) + log.Debug().Str("name", name).Msg("Validating application config") // Deprecated: #70: use Config.Log.Level to set up application logging or SecDebugLogLevel to set up Coraza logging if app.LogLevel != "" { diff --git a/doc/config/haproxy.cfg b/doc/config/haproxy.cfg index 6564bd8..84e337d 100644 --- a/doc/config/haproxy.cfg +++ b/doc/config/haproxy.cfg 
@@ -6,11 +6,11 @@ defaults log global option httplog timeout client 1m - timeout server 1m - timeout connect 10s - timeout http-keep-alive 2m - timeout queue 15s - timeout tunnel 4h # for websocket + timeout server 1m + timeout connect 10s + timeout http-keep-alive 2m + timeout queue 15s + timeout tunnel 4h # for websocket frontend test mode http @@ -18,6 +18,8 @@ frontend test unique-id-format %[uuid()] unique-id-header X-Unique-ID + log-format "%ci:%cp\ [%t]\ %ft\ %b/%s\ %Th/%Ti/%TR/%Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ %ID\ waf-action:\ %[var(txn.coraza.action)]\ spoe-error:\ %[var(txn.coraza.error)]\ spoa-error:\ %[var(txn.coraza.err_code)]\ %[var(txn.coraza.err_msg)]" + filter spoe engine coraza config /etc/haproxy/coraza.cfg # Currently haproxy cannot use variables to set the code or deny_status, so this needs to be manually configured here @@ -30,10 +32,14 @@ frontend test http-request silent-drop if { var(txn.coraza.action) -m str drop } http-response silent-drop if { var(txn.coraza.action) -m str drop } - # Deny in case of an error, when processing with the Coraza SPOA + # Deny in case of an error, when processing with the Coraza SPOE http-request deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 } http-response deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 } + # Deny in case of an error, when processing with the Coraza SPOA + http-request deny deny_status 504 if { var(txn.coraza.err_code) -m int gt 0 } + http-response deny deny_status 504 if { var(txn.coraza.err_code) -m int gt 0 } + use_backend test_backend backend test_backend diff --git a/docker/haproxy/haproxy.cfg b/docker/haproxy/haproxy.cfg index da9300b..75e129e 100644 --- a/docker/haproxy/haproxy.cfg +++ b/docker/haproxy/haproxy.cfg 
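Review bot: The added `log-format` line in `frontend test` ends with `%[var(txn.coraza.err_msg)]` as unquoted free text, so a message containing spaces cannot be split reliably from the fields before it. If the agent's message ever includes request-derived text (its contents are not visible in this diff), that also becomes a log-forging surface. Quoting it the same way the request line already is, `%{+Q}[var(txn.coraza.err_msg)]`, keeps it a single delimited field. A short comment above the line naming the three custom fields (`waf-action`, `spoe-error`, `spoa-error`) would help whoever writes the log parser.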
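Review bot: The two new `deny_status 504` rules on `var(txn.coraza.err_code) -m int gt 0` only fire when the agent has set `err_code` to a positive integer. If the variable is unset or not numeric the condition is presumably false and the request falls through to `use_backend test_backend`, which is fail-open. How the SPOA sets `err_code` is outside this diff, so the example should state the policy, e.g. `# NOTE: only denies when err_code is set and > 0; an unset value is passed to the backend`. The two comments now differ by a single letter (SPOE vs SPOA), so spell them out as `# Deny on an SPOE (HAProxy engine) error` and `# Deny on an error reported by the Coraza SPOA (agent)`.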
@@ -6,11 +6,11 @@ defaults log global option httplog timeout client 1m - timeout server 1m - timeout connect 10s - timeout http-keep-alive 2m - timeout queue 15s - timeout tunnel 4h # for websocket + timeout server 1m + timeout connect 10s + timeout http-keep-alive 2m + timeout queue 15s + timeout tunnel 4h # for websocket frontend stats mode http diff --git a/internal/spoa.go b/internal/spoa.go index 05355b5..38b2ab6 100644 --- a/internal/spoa.go +++ b/internal/spoa.go @@ -161,8 +161,7 @@ func New(conf *config.Config) (*SPOA, error) { waf, err := coraza.NewWAF(wafConf) if err != nil { - log.Error().Err(err).Str("app", name).Msg("Unable to create WAF instance") - return nil, err + return nil, fmt.Errorf("Unable to create WAF instance. app:%s, err:%w", name, err) } app := &application{ diff --git a/log/log.go b/log/log.go index 2716875..a0a63a1 100644 --- a/log/log.go +++ b/log/log.go @@ -41,10 +41,10 @@ func InitLogging(file, level, spoeLevel string) { currentLevel := Logger.GetLevel() targetLevel, err := zerolog.ParseLevel(level) if err != nil { - Error().Err(err).Msgf("Can't parse log level, using %v log level", currentLevel) + Error().Err(err).Msgf("Can't parse log level, using '%v' log level", currentLevel) } else if targetLevel < currentLevel { - Debug().Msgf("Setting up %v log level", targetLevel) + Debug().Msgf("Setting up '%v' log level", targetLevel) logger = logger.Level(targetLevel) } @@ -54,10 +54,10 @@ func InitLogging(file, level, spoeLevel string) { currentSpoeLevel := spoelog.GetLevel() targetSpoeLevel, err := spoelog.ParseLevel(spoeLevel) if err != nil { - Error().Err(err).Msgf("Can't parse SPOE log level, using %v log level", currentSpoeLevel) + Error().Err(err).Msgf("Can't parse SPOE log level, using '%v' log level", currentSpoeLevel) } else { - Debug().Msgf("Setting up %v SPOE log level", targetSpoeLevel) + Debug().Msgf("Setting up '%v' SPOE log level", targetSpoeLevel) spoelog.SetLevel(targetSpoeLevel) } } 
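Review bot: The new error string in `New` is capitalised, contains a full stop and spells out `err:`, which reads badly once a caller wraps or logs it. The conventional form is `return nil, fmt.Errorf("creating WAF instance for app %q: %w", name, err)`. With the `log.Error()` call removed, the failure is only visible if the caller of `New` logs the returned error. That caller is outside this hunk, so confirm that a WAF which fails to build cannot go unnoticed at startup. The import block is not shown either, so check that `fmt` is already imported in internal/spoa.go.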
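Review bot: The level messages in `InitLogging` still interpolate the value with `Msgf` and now add hand-written quotes, while the config/config.go hunk of this same commit moves to a structured field. A field such as `Debug().Str("level", targetLevel.String()).Msg("Setting up log level")` keeps the value machine-readable and needs no quoting. The same applies to the SPOE-level hunk on this line and to the `SetDebug` hunk that follows. The type of the SPOE level is not visible here, so check that it has a `String` method before using that form. `InitLogging`'s body starts outside these hunks.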
@@ -65,7 +65,7 @@ func InitLogging(file, level, spoeLevel string) { func SetDebug(debug bool) { if debug && Logger.GetLevel() != zerolog.DebugLevel { Logger = Logger.Level(zerolog.DebugLevel) - Debug().Msgf("Using %v log level", zerolog.DebugLevel) + Debug().Msgf("Using '%v' log level", zerolog.DebugLevel) } }