patterns/docs/traefik.md
Fabrizio Salmi ea474cbcf2 Add VitePress documentation with GitHub Pages deployment
- Create docs/ directory with VitePress configuration
- Add documentation for all web servers (Nginx, Apache, Traefik, HAProxy)
- Add bad bot detection and API reference documentation
- Add GitHub Actions workflow for automatic deployment to GitHub Pages
- Configure VitePress with sidebar, navigation, and search
2025-12-09 08:07:06 +01:00


# Traefik Integration
This guide explains how to integrate the WAF patterns with Traefik using middleware plugins.
## Quick Start
1. Download `traefik_waf.zip` from [Releases](https://github.com/fabriziosalmi/patterns/releases)
2. Extract the files
3. Configure the middleware in your Traefik configuration
## Configuration Files
The Traefik WAF package includes:
| File | Purpose |
|------|---------|
| `middleware.toml` | WAF middleware configuration |
| `bots.toml` | Bad bot detection rules |
## Integration with File Provider
### Step 1: Enable File Provider
In your `traefik.toml` or `traefik.yml`:
::: code-group
```toml [traefik.toml]
[providers]
[providers.file]
directory = "/etc/traefik/dynamic"
watch = true
```
```yaml [traefik.yml]
providers:
  file:
    directory: /etc/traefik/dynamic
    watch: true
```
:::
### Step 2: Copy Middleware Files
Copy the WAF configuration files to your dynamic configuration directory:
```bash
cp waf_patterns/traefik/*.toml /etc/traefik/dynamic/
```
### Step 3: Apply Middleware to Routes
Reference the middleware in your router configuration:
::: code-group
```toml [dynamic/routes.toml]
[http.routers.my-router]
rule = "Host(`example.com`)"
service = "my-service"
middlewares = ["waf-protection", "bot-blocker"]
[http.middlewares.waf-protection.plugin.waf]
# WAF configuration loaded from middleware.toml
[http.middlewares.bot-blocker.plugin.botblocker]
# Bot blocking loaded from bots.toml
```
```yaml [dynamic/routes.yml]
http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      middlewares:
        - waf-protection
        - bot-blocker
```
:::
## Integration with Docker Labels
For Docker-based deployments:
```yaml
services:
  my-app:
    image: my-app:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-app.rule=Host(`example.com`)"
      - "traefik.http.routers.my-app.middlewares=waf@file"
```
## Middleware Configuration
The `middleware.toml` contains regex-based blocking rules:
```toml
[http.middlewares.waf.plugin.rewriteHeaders]
# SQL Injection patterns
[[http.middlewares.waf.plugin.rewriteHeaders.replacements]]
regex = "(?i)union.*select"
replacement = "BLOCKED"
```
## Using with Traefik Plugins
For enhanced WAF capabilities, consider using community plugins:
```yaml
experimental:
  plugins:
    waf:
      moduleName: "github.com/example/traefik-waf-plugin"
      version: "v1.0.0"
```
## Customization
### Add Custom Patterns
Edit `middleware.toml` to add your own patterns:
```toml
[[http.middlewares.waf.plugin.rewriteHeaders.replacements]]
regex = "your-custom-pattern"
replacement = "BLOCKED"
```
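To sanity-check `middleware.toml` before copying it into the dynamic directory, and again after adding custom patterns, here is an added Python example that is not part of the patterns project: it loads the `rewriteHeaders` replacements, compiles each regex, and reports which constructed sample values each rule would match, so an overly loose pattern shows up as a false positive before it reaches production. It assumes Python 3.11+ (`tomllib`, with `tomli` as a fallback) and uses Python's `re` only as an approximation of Traefik's Go regexp engine: Python accepts lookarounds and backreferences that Go rejects, so a pattern passing here is not proof that Traefik will compile it.

```python
import re
try:
    import tomllib  # Python 3.11+
except ImportError:
    import tomli as tomllib  # assumption: tomli installed on older Pythons

# Constructed sample in the shape of the package's middleware.toml; the second
# rule is an assumption added for illustration, not a rule from the package.
SAMPLE_TOML = r"""[http.middlewares.waf.plugin.rewriteHeaders]
[[http.middlewares.waf.plugin.rewriteHeaders.replacements]]
regex = "(?i)union.*select"
replacement = "BLOCKED"
[[http.middlewares.waf.plugin.rewriteHeaders.replacements]]
regex = "(?i)<script[^>]*>"
replacement = "BLOCKED"
"""

# Constructed inputs: two the rules should catch, one that should pass, and a
# benign phrase showing how loosely the SQLi rule matches (a false positive).
SAMPLES = {
    "sqli": "id=1 UNION SELECT password FROM users",
    "xss": "<SCRIPT src=x>",
    "benign": "id=42&sort=name",
    "false_positive": "trade union selected a chair",
}

def load_rules(toml_text, middleware="waf"):
    """Read the replacements table array and compile each regex."""
    plugin = tomllib.loads(toml_text)["http"]["middlewares"][middleware]["plugin"]["rewriteHeaders"]
    rules = []
    for entry in plugin.get("replacements", []):
        try:
            rules.append((re.compile(entry["regex"]), entry["replacement"]))
        except re.error as exc:
            raise ValueError(f"rule {entry['regex']!r} does not compile: {exc}") from exc
    return rules

def apply_rules(value, rules):
    """Apply rules in file order as a sequential rewrite would; return (new value, regexes that fired)."""
    fired = []
    for pattern, replacement in rules:
        if pattern.search(value):
            fired.append(pattern.pattern)
            value = pattern.sub(replacement, value)
    return value, fired

def evaluate(toml_text=SAMPLE_TOML, samples=SAMPLES):
    """Map each sample name to the list of regexes that matched it."""
    rules = load_rules(toml_text)
    return {name: apply_rules(value, rules)[1] for name, value in samples.items()}
```

Point `load_rules` at the real `middleware.toml` (`open(...).read()`) and extend `SAMPLES` with traffic captured from your own access log to measure false positives on your application's actual query strings.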
### Logging
Enable access logs to monitor blocked requests:
```toml
[accessLog]
filePath = "/var/log/traefik/access.log"
format = "json"
[accessLog.fields]
[accessLog.fields.headers]
defaultMode = "keep"
```
## Testing
```bash
# Test WAF detection
curl -H "Host: example.com" \
"http://localhost/?id=1' OR '1'='1"
# Check Traefik logs
docker logs traefik 2>&1 | grep -i blocked
```
## Troubleshooting
### Middleware not loading
Check that the file provider is correctly configured and watching the right directory.
### Routes not applying middleware
Ensure the middleware name matches exactly between router and middleware definition.
### Performance considerations
Regex-based middleware adds matching cost to every request, which becomes noticeable under high traffic. Monitor latency after enabling WAF rules.