16 changes: 16 additions & 0 deletions content/doc/addons/otoroshi.md
Expand Up @@ -107,6 +107,22 @@
### Enterprise Capabilities
Designed for production environments, the Coraza WAF plugin offers flexible configuration options, supporting both detection and prevention modes. It enables customized rule sets per domain and provides detailed security event tracking through Otoroshi's event management system. The implementation is optimized for minimal performance impact while maintaining robust security controls.

### Block single IPs

Check failure on line 110 in content/doc/addons/otoroshi.md

GitHub Actions / vale

[vale] content/doc/addons/otoroshi.md#L110

[Vale.Spelling] Did you really mean 'IPs'?

To block a single IP, you don't need Coraza WAF. In the "routes" section, choose the route you want to protect and then you should be able to add the plugin "IP Block list" and block one or several IPs.

Check failure on line 112 in content/doc/addons/otoroshi.md

GitHub Actions / vale

[vale] content/doc/addons/otoroshi.md#L112

[Vale.Spelling] Did you really mean 'IPs'?

Coraza is able to block IPs (or CIDR) too but you need to add customs rules based on "X-Forwarded-For" header such as:

Check failure on line 114 in content/doc/addons/otoroshi.md

GitHub Actions / vale

[vale] content/doc/addons/otoroshi.md#L114

[Vale.Spelling] Did you really mean 'IPs'?

Check notice on line 114 in content/doc/addons/otoroshi.md

GitHub Actions / vale

[vale] content/doc/addons/otoroshi.md#L114

[Google.Acronyms] Spell out 'CIDR', if it's unfamiliar to the audience.

```coraza
SecRule REQUEST_HEADERS:X-Forwarded-For "@ipMatch 82.0.0.0/8" \
"id:100006,\
phase:1,\
drop,\
status:503,\
log,\
msg:'Forbidden IP range detected in Forwarded header'"
```

- [Otoroshi Coraza WAF documentation](https://maif.github.io/otoroshi/manual/how-to-s/instantiate-waf-coraza.html)

## Manage Otoroshi from its API
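Review bot: The `SecRule REQUEST_HEADERS:X-Forwarded-For "@ipMatch 82.0.0.0/8"` example keys the block on a request header, and the surrounding text does not say which hop sets that header before Coraza evaluates it. If the value can reach the WAF as the client sent it, a request that omits or alters the header will not match, so the rule is only as reliable as the proxy that writes `X-Forwarded-For`. Please add a sentence stating where the header is set on this platform and whether it is overwritten or appended to, and say that the "IP Block list" plugin from the previous paragraph is the preferred control when it covers the need. Smaller points in the same block: the section is titled "Block single IPs" but the sample blocks an entire /8, so a documentation range such as `203.0.113.0/24` (RFC 5737) or a single address would be a safer thing for readers to copy; `drop` is combined with `status:503` while the `msg` says "Forbidden", so either switch to `deny` with `status:403` or explain the choice; "customs rules" should read "custom rules"; and the vale failures on lines 110, 112 and 114 go away if "IPs" becomes "IP addresses" and CIDR is spelled out on first use.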