External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 09:45:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/traefik/README.md
copilot-swe-agent[bot] 1fe6802ffe docs: Fix script names, improve CONTRIBUTING, add WAF READMEs, fix workflow 
Co-authored-by: fabriziosalmi <1569108+fabriziosalmi@users.noreply.github.com>
2025-11-15 19:33:13 +00:00

3.4 KiB
Raw Blame History

Traefik WAF Configuration

This directory contains Traefik WAF configuration files generated from OWASP CRS rules. You can use these middleware configurations to enhance security in your Traefik setup.

Prerequisites

  • Traefik v2.x or higher
  • Basic understanding of Traefik middleware

Configuration Files

The generated configuration includes:

  • Middleware definitions for request filtering
  • Regular expression patterns for attack detection
  • Bad bot/User-Agent blocking rules

Usage

Option 1: File Provider (Recommended)

  1. Copy the generated configuration files to your Traefik configuration directory:

    cp waf_patterns/traefik/*.toml /etc/traefik/dynamic/
# or to your custom config directory

  2. Configure Traefik to load dynamic configuration from files.

    In your traefik.yml or traefik.toml:

    providers:
  file:
    directory: "/etc/traefik/dynamic"
    watch: true

  3. Apply the middleware to your routes by referencing it in your service configuration:

    http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      middlewares:
        - waf-middleware

Option 2: Docker Labels

If you're using Docker, you can apply the middleware via labels:

services:
  my-service:
    image: my-app:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-router.rule=Host(`example.com`)"
      - "traefik.http.routers.my-router.middlewares=waf-middleware@file"

Option 3: Kubernetes IngressRoute

For Kubernetes deployments:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: waf-middleware
spec:
  plugin:
    # Reference your WAF plugin configuration here

Configuration Details

The middleware includes protection against:

  • SQL Injection (SQLi) attacks
  • Cross-Site Scripting (XSS) attempts
  • Remote Code Execution (RCE) patterns
  • Local File Inclusion (LFI) attempts
  • Malicious bots and crawlers

Testing

Test the WAF is working by sending a malicious request:

curl -H "User-Agent: AhrefsBot" http://yourserver.com
# Should be blocked if bot protection is working

curl "http://yourserver.com/?id=1' OR '1'='1"
# Should be blocked if SQLi protection is working

Monitoring

Monitor blocked requests in Traefik logs:

# Docker
docker logs traefik 2>&1 | grep -i "blocked\|forbidden"

# Standard installation
tail -f /var/log/traefik/access.log | grep -i "403"

Customization

You can customize the middleware behavior by:

  1. Editing the generated .toml files
  2. Adjusting regex patterns for your specific needs
  3. Modifying response codes and error pages
  4. Adding custom headers for blocked requests

Performance Considerations

  • Regular expression matching can impact performance under high load
  • Consider using caching middleware in combination with WAF
  • Monitor CPU usage and adjust rules if needed
  • Use Traefik's built-in rate limiting for additional protection

Notes

  • Rules are updated daily via GitHub Actions
  • Blocked requests typically return 403 Forbidden or 400 Bad Request
  • Middleware is applied at the router level
  • Compatible with other Traefik middlewares (chain them as needed)

Resources