From 5faf21a4c95273b89b9d87f87a02fb3089f7cff9 Mon Sep 17 00:00:00 2001
From: wiaamm
Date: Sat, 6 Dec 2025 22:15:45 +0200
Subject: [PATCH] Skip inspection for health checks and internal requests
---
 .../open-appsec-waf-kong-plugin/handler.lua | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
index 1a0dcab..fd5a49c 100755
--- a/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
+++ b/attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
@@ -16,6 +16,27 @@ function NanoHandler.init_worker()
 end
 function NanoHandler.access(conf)
+ -- Skip inspection for health checks and internal requests
+ local path = kong.request.get_path()
+ local user_agent = kong.request.get_header("User-Agent") or ""
+ local method = kong.request.get_method()
+
+ -- Bypass health checks, status endpoints, and internal monitoring
+ if path == "/status" or
+ path == "/health" or
+ path:match("^/metrics") or
+ path:match("^/_health") or
+ path:match("^/kong") or -- Kong admin API paths
+ user_agent:match("kube%-probe") or
+ user_agent:match("Prometheus") or
+ user_agent:match("Go%-http%-client") or -- Common health checker
+ (method == "GET" and path == "/") then -- Root path health checks
+ kong.log.debug("Bypassing inspection for internal request: ", method, " ", path, " (UA: ", user_agent, ")")
+ kong.ctx.plugin.session_data = nil
+ kong.ctx.plugin.session_id = nil
+ return
+ end
+
 local headers = kong.request.get_headers()
 local session_id = nano.generate_session_id()
 kong.service.request.set_header("x-session-id", tostring(session_id))
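Review bot: The bypass added at the top of `NanoHandler.access` is decided by values the client controls, so it removes inspection rather than narrowing it: any request whose `User-Agent` contains `kube-probe`, `Prometheus` or `Go-http-client` returns before the WAF sees it, whatever its path, method or body. The path tests are similarly loose, since `path:match("^/kong")`, `path:match("^/metrics")` and `path:match("^/_health")` are prefix matches that also cover any proxied route beginning with those strings, and `method == "GET" and path == "/"` skips a root request regardless of its query string, which `get_path()` does not include. I would drop the User-Agent and root-path conditions and compare against an exact, operator-configured list of paths, ideally also limited to trusted source addresses, as sketched below; `conf.bypass_paths` is a proposed schema field, not one visible in this patch. The debug line also writes the raw `User-Agent` into the log, and the body of `access` continues past the end of the hunk.

```lua
    local path = kong.request.get_path()
    local method = kong.request.get_method()

    -- Skip inspection only for exact paths the operator listed; never key the
    -- decision on User-Agent or any other client-supplied header.
    for _, bypass_path in ipairs(conf.bypass_paths or {}) do  -- proposed schema field
        if path == bypass_path then
            kong.log.debug("Bypassing inspection for configured path: ", method, " ", path)
            kong.ctx.plugin.session_data = nil
            kong.ctx.plugin.session_id = nil
            return
        end
    end
    -- … unchanged: header collection and session setup …
```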