Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support APISIX #217

Open
monkeyDluffy6017 opened this issue Jul 27, 2023 · 20 comments
Open

Support APISIX #217

monkeyDluffy6017 opened this issue Jul 27, 2023 · 20 comments
Assignees
@Sn0rt

Comments

@monkeyDluffy6017
Copy link

monkeyDluffy6017 commented Jul 27, 2023
edited
Loading

Hi, folks! Do you have any plan to support APISIX, it's an API gateway built on openresty, and it also follows the proxy-wasm ABI.
@jcchavezs
Copy link
Member

Is it in-process? It would be worth to try but setup seems laborious, are you up for a PR like the Kong example?

Also worth to check the good work from @potats0 on coraza openresty

@potats0
Copy link

potats0 commented Jul 27, 2023

I've done

@monkeyDluffy6017
Copy link
Author

@jcchavezs Where is the Kong example?

@monkeyDluffy6017
Copy link
Author

monkeyDluffy6017 commented Jul 27, 2023
edited
Loading

@potats0 Do these libraries have the same function?

  1. https://github.com/potats0/lua-resty-coraza
  2. https://github.com/corazawaf/coraza-proxy-wasm

@jcchavezs
Copy link
Member

#144

@jcchavezs
Copy link
Member

jcchavezs commented Jul 27, 2023 via email

@potats0
Copy link

potats0 commented Jul 27, 2023
edited
Loading

@potats0 Do these libraries have the same function?

  1. https://github.com/potats0/lua-resty-coraza
  2. https://github.com/corazawaf/coraza-proxy-wasm

lua-resty-coraza is a library that a connector to coraza shared library, and can be used to openresty, also can be used to apisix. Indeed, I've developed a apisix plugin based on lua-resty-coraza. Here is a sample code of apisix plugin

function _M.access(conf, ctx)
    coraza.do_create_transaction(waf)
    coraza.do_access_filter()
    return coraza.do_handle()
end

function _M.header_filter(conf, ctx)
    core.log.info("plugin header_filter phase, conf: ", core.json.delay_encode(conf))
    coraza.do_header_filter()
    local status_code, _ = coraza.do_handle()
    if status_code then
        ngx.status = status_code
        core.response.clear_header_as_body_modified()
    end
end

@monkeyDluffy6017
Copy link
Author

Goog job! @potats0 @jcchavezs

@potats0
Copy link

potats0 commented Jul 27, 2023

Goog job! @potats0 @jcchavezs

Should I send the code to you for testing?

@monkeyDluffy6017
Copy link
Author

I've found the APISIX plugin repository: https://github.com/potats0/apisix-coraza, we'll test it later

@potats0
Copy link

potats0 commented Jul 27, 2023

I've found the APISIX plugin repository: https://github.com/potats0/apisix-coraza, we'll test it later

waiting me for update the code

@Sn0rt
Copy link

Sn0rt commented Aug 7, 2023

Do you have a company email address? I would like to communicate with you further. The content of the communication is mainly the following topics:

  1. I am an employee of API7, and I want to integrate APISIX with your company's WAF products at the enterprise level.

@jcchavezs

@jcchavezs
Copy link
Member

Sure you can find me in jc[at]tetrate.io replace [at] by @

@jcchavezs
Copy link
Member

Also pinged on apisix slack

@Sn0rt
Copy link

Sn0rt commented Aug 18, 2023
edited
Loading

/assign Sn0rt

@Sn0rt
Copy link

Sn0rt commented Sep 26, 2023

https://apisix.apache.org/blog/2023/09/08/APISIX-integrates-with-Coraza/

@jcchavezs
Copy link
Member

Thanks a lot. How about adding it in the e2e here. You can follow this https://github.com/corazawaf/coraza-proxy-wasm/tree/main/e2e and also #144. Are you up to that?

@Sn0rt
Copy link

Sn0rt commented Sep 26, 2023

Thanks a lot. How about adding it in the e2e here. You can follow this https://github.com/corazawaf/coraza-proxy-wasm/tree/main/e2e and also #144. Are you up to that?

can you assgin this issue to me ? I will move this issue to my backlog and wait to progress.

@jcchavezs
Copy link
Member

Sure!

@Sn0rt Sn0rt mentioned this issue Oct 13, 2023
Open
@meiko
Copy link

meiko commented Mar 12, 2024

The analysis of request and response bodies is not carried out because special APISIX properties are not set.
The callbacks OnHttpRequestBody and OnHttpResponseBody are not called. Corresponding properties must be set in the previously called callbacks.

This is also mentioned in the APISIX documentation: "To run this callback, we need to set property wasm_process_req_body to non-empty value in" https://apisix.apache.org/docs/apisix/wasm/

I tried this in my branch of the plugin and it seems to work.
proxywasm.SetProperty([]string{"wasm_process_req_body"}, []byte("true"))
https://github.com/meiko/coraza-proxy-wasm/blob/2f7bcf1db525926a78a7b05b85ed6a2ddb23d238/wasmplugin/plugin.go#L285

and
proxywasm.SetProperty([]string{"wasm_process_resp_body"}, []byte("true"))
https://github.com/meiko/coraza-proxy-wasm/blob/2f7bcf1db525926a78a7b05b85ed6a2ddb23d238/wasmplugin/plugin.go#L526

What do you think? Can this be included in the code base of the plugin like this or something similar?

@meiko meiko mentioned this issue Mar 12, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Sn0rt Sn0rt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@meiko @Sn0rt @jcchavezs @monkeyDluffy6017 @potats0