Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move HTTP message transformation to HTTPtables #1417

Open
krizhanovsky opened this issue Jun 8, 2020 · 0 comments
Open

Move HTTP message transformation to HTTPtables #1417

krizhanovsky opened this issue Jun 8, 2020 · 0 comments
Labels
crucial enhancement security
Milestone
1.2 - TBD

Comments

@krizhanovsky
Copy link
Contributor

krizhanovsky commented Jun 8, 2020
edited
Loading

Motivation

With WAF acceleration scenario we need a mechanism to define multi-layer rules, just like we integrate with the Netfilter, but now we need to integrate filters between different cluster nodes - Tempesta FW and a heavyweight WAF.

Use case: run a regular expression over a particular header(s) and set a custom header with a match identifier, e.g. X-Waf-Accel: 10. A WAF receiving the header can perform only checks requiring the pattern or skip checks since they definitely fail.

Scope

Need to support HTTP message modifications as an Action for HTTP tables.

With other HTTP tables extensions like #856 or #1416 , probably it's time to move HTTPtables to some more generic and faster mechanism like BFP. This is essentially #102.

Depends

Requires regular expressions #496

Testing

An extension for existing HTTPtables functional test is required.

Documentation

Update https://github.com/tempesta-tech/tempesta/wiki/HTTP-tables
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crucial enhancement security
Projects
None yet
Milestone
1.2 - TBD
Development

No branches or pull requests
1 participant
@krizhanovsky