github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-11-16 01:12:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github_mirrors:Jul_31_2024-Dev
Branches Tags
github_mirrors:main github_mirrors:fix-entry-file-token-arg github_mirrors:09-11-25-dev github_mirrors:docker-stop-issue github_mirrors:update_docker_compose github_mirrors:fix-alpine-ca github_mirrors:Aug_08_2025-Dev github_mirrors:nginx_message_reader_improvements github_mirrors:conf-collector-upload github_mirrors:waf-tag github_mirrors:watchdog github_mirrors:prometheus_support github_mirrors:exception-fix github_mirrors:orianelou-patch-8 github_mirrors:orianelou-issue-tamplates github_mirrors:Mar_17_2025-Dev github_mirrors:docker-upgrade-issue github_mirrors:namspace-crds github_mirrors:Feb_27_2025-Dev github_mirrors:Feb_10_2025-Dev github_mirrors:oriane-23.12.24-adding-new-composes github_mirrors:Jan_12_2025-Dev github_mirrors:orianelou-patch-7 github_mirrors:Dec_29_2024-Dev github_mirrors:Nov_28_2024-Dev github_mirrors:Oct_14_2024-Dev github_mirrors:Sep_17_2024-Dev github_mirrors:Sep_15_2024-Dev github_mirrors:Sep_13_2024-Dev github_mirrors:Sep_11_2024-Dev github_mirrors:Aug_20_2024-Dev github_mirrors:orianelou-patch-6 github_mirrors:orianelou-patch-5 github_mirrors:orianelou-patch-4 github_mirrors:Jul_31_2024-Dev github_mirrors:danielei-hotifx-candidate github_mirrors:orianelou-crds github_mirrors:or github_mirrors:Jul_23_2024-Dev github_mirrors:Jul_04_2024-Dev github_mirrors:Jun_26_2024-Dev github_mirrors:orianelou-new-policy-files github_mirrors:Jun_09_2024-Dev github_mirrors:May_27_2024-Dev github_mirrors:Apr_21_2024-Dev github_mirrors:Apr_14_2024-Dev github_mirrors:Mar_21_2024-Dev github_mirrors:orianelou-patch-3 github_mirrors:WrightNed-patch-1 github_mirrors:Feb_28_2024 github_mirrors:orianelou-patch-apisix github_mirrors:Feb_13_2024 github_mirrors:Feb_06_2024-Dev github_mirrors:Jan_31_2024-Dev github_mirrors:Dec-24-2023 github_mirrors:Dec-12th-2023 github_mirrors:Nov_12_2023-Dev github_mirrors:open_appsec_add_agent_cache_for_rate_limit github_mirrors:orianelou-patch-2 github_mirrors:Sep_24_2023-Dev github_mirrors:Aug_23_2023-Dev github_mirrors:changing_socket_readiness_testing github_mirrors:support-advance-model github_mirrors:Jul_24_23_chart_update github_mirrors:Jul_06_2023-Dev github_mirrors:orianelou-patch-1 github_mirrors:workflow-08_05 github_mirrors:May_11_2023-Dev github_mirrors:crowdsec github_mirrors:Apr_27_2023-Dev github_mirrors:Mar_26_2023-Dev github_mirrors:Mar_13_2023-Dev github_mirrors:Mar_02_2023-Dev github_mirrors:Feb_22_2023-Dev github_mirrors:Feb_15_2023-Dev github_mirrors:Jan_22_2023-Dev github_mirrors:Jan_18_2023-Dev github_mirrors:Jan_16_2023
github_mirrors:1.1.30 github_mirrors:1.1.29 github_mirrors:1.1.27 github_mirrors:1.1.26 github_mirrors:1.1.25 github_mirrors:1.1.24 github_mirrors:1.1.23 github_mirrors:1.1.22 github_mirrors:1.1.21 github_mirrors:1.1.20 github_mirrors:1.1.19 github_mirrors:1.1.18 github_mirrors:1.1.17 github_mirrors:1.1.16 github_mirrors:1.1.15 github_mirrors:1.1.14 github_mirrors:v1.1.3 github_mirrors:1.1.12 github_mirrors:1.1.11 github_mirrors:1.1.10 github_mirrors:1.1.9 github_mirrors:1.1.8 github_mirrors:1.1.7 github_mirrors:1.1.6 github_mirrors:1.1.5 github_mirrors:1.1.4 github_mirrors:1.1.3 github_mirrors:1.1.2 github_mirrors:1.1.0 github_mirrors:1.0.1 github_mirrors:1.0.0 github_mirrors:0.9.1-rc github_mirrors:0.9.0-rc github_mirrors:0.8.0-rc
...
compare: github_mirrors:orianelou-patch-5
Branches Tags
github_mirrors:fix-entry-file-token-arg github_mirrors:main github_mirrors:09-11-25-dev github_mirrors:docker-stop-issue github_mirrors:update_docker_compose github_mirrors:fix-alpine-ca github_mirrors:Aug_08_2025-Dev github_mirrors:nginx_message_reader_improvements github_mirrors:conf-collector-upload github_mirrors:waf-tag github_mirrors:watchdog github_mirrors:prometheus_support github_mirrors:exception-fix github_mirrors:orianelou-patch-8 github_mirrors:orianelou-issue-tamplates github_mirrors:Mar_17_2025-Dev github_mirrors:docker-upgrade-issue github_mirrors:namspace-crds github_mirrors:Feb_27_2025-Dev github_mirrors:Feb_10_2025-Dev github_mirrors:oriane-23.12.24-adding-new-composes github_mirrors:Jan_12_2025-Dev github_mirrors:orianelou-patch-7 github_mirrors:Dec_29_2024-Dev github_mirrors:Nov_28_2024-Dev github_mirrors:Oct_14_2024-Dev github_mirrors:Sep_17_2024-Dev github_mirrors:Sep_15_2024-Dev github_mirrors:Sep_13_2024-Dev github_mirrors:Sep_11_2024-Dev github_mirrors:Aug_20_2024-Dev github_mirrors:orianelou-patch-6 github_mirrors:orianelou-patch-5 github_mirrors:orianelou-patch-4 github_mirrors:Jul_31_2024-Dev github_mirrors:danielei-hotifx-candidate github_mirrors:orianelou-crds github_mirrors:or github_mirrors:Jul_23_2024-Dev github_mirrors:Jul_04_2024-Dev github_mirrors:Jun_26_2024-Dev github_mirrors:orianelou-new-policy-files github_mirrors:Jun_09_2024-Dev github_mirrors:May_27_2024-Dev github_mirrors:Apr_21_2024-Dev github_mirrors:Apr_14_2024-Dev github_mirrors:Mar_21_2024-Dev github_mirrors:orianelou-patch-3 github_mirrors:WrightNed-patch-1 github_mirrors:Feb_28_2024 github_mirrors:orianelou-patch-apisix github_mirrors:Feb_13_2024 github_mirrors:Feb_06_2024-Dev github_mirrors:Jan_31_2024-Dev github_mirrors:Dec-24-2023 github_mirrors:Dec-12th-2023 github_mirrors:Nov_12_2023-Dev github_mirrors:open_appsec_add_agent_cache_for_rate_limit github_mirrors:orianelou-patch-2 github_mirrors:Sep_24_2023-Dev github_mirrors:Aug_23_2023-Dev github_mirrors:changing_socket_readiness_testing github_mirrors:support-advance-model github_mirrors:Jul_24_23_chart_update github_mirrors:Jul_06_2023-Dev github_mirrors:orianelou-patch-1 github_mirrors:workflow-08_05 github_mirrors:May_11_2023-Dev github_mirrors:crowdsec github_mirrors:Apr_27_2023-Dev github_mirrors:Mar_26_2023-Dev github_mirrors:Mar_13_2023-Dev github_mirrors:Mar_02_2023-Dev github_mirrors:Feb_22_2023-Dev github_mirrors:Feb_15_2023-Dev github_mirrors:Jan_22_2023-Dev github_mirrors:Jan_18_2023-Dev github_mirrors:Jan_16_2023
github_mirrors:1.1.30 github_mirrors:1.1.29 github_mirrors:1.1.27 github_mirrors:1.1.26 github_mirrors:1.1.25 github_mirrors:1.1.24 github_mirrors:1.1.23 github_mirrors:1.1.22 github_mirrors:1.1.21 github_mirrors:1.1.20 github_mirrors:1.1.19 github_mirrors:1.1.18 github_mirrors:1.1.17 github_mirrors:1.1.16 github_mirrors:1.1.15 github_mirrors:1.1.14 github_mirrors:v1.1.3 github_mirrors:1.1.12 github_mirrors:1.1.11 github_mirrors:1.1.10 github_mirrors:1.1.9 github_mirrors:1.1.8 github_mirrors:1.1.7 github_mirrors:1.1.6 github_mirrors:1.1.5 github_mirrors:1.1.4 github_mirrors:1.1.3 github_mirrors:1.1.2 github_mirrors:1.1.0 github_mirrors:1.0.1 github_mirrors:1.0.0 github_mirrors:0.9.1-rc github_mirrors:0.9.0-rc github_mirrors:0.8.0-rc

8 Commits
Jul_31_202 ... orianelou-

Author SHA1 Message Date
orianelou
92885cf2cd Update docker-compose.yaml 2024-08-20 14:42:37 +03:00
WrightNed
84327e0b19 Merge pull request #170 from openappsec/orianelou-patch-4 
Create docker-compose.yaml
 2024-08-05 13:12:40 +03:00
orianelou
b9723ba6ce Create docker-compose.yaml 
added compose for docker SWAG
 2024-08-05 12:06:37 +03:00
WrightNed
00e183b8c6 Merge pull request #169 from openappsec/Jul_31_2024-Dev 
Jul 31st update
 2024-08-01 18:10:44 +03:00
WrightNed
e859c167ed Merge pull request #167 from openappsec/orianelou-crds 
Orianelou crds
 2024-08-01 18:10:11 +03:00
orianelou
805e958cb9 Create open-appsec-crd-latest.yaml 2024-07-25 12:06:59 +03:00
orianelou
5bcd7cfcf1 Create open-appsec-crd-v1beta2.yaml 2024-07-25 12:05:57 +03:00
orianelou
ae6f2faeec Create open-appsec-crd-v1beta1.yaml 2024-07-25 12:04:22 +03:00
4 changed files with 3215 additions and 0 deletions
Expand all files Collapse all files

1321
config/crds/open-appsec-crd-latest.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

525
config/crds/open-appsec-crd-v1beta1.yaml Normal file
View File

@@ -0,0 +1,525 @@
Enter file contents hereapiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata :
name : customresponses.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
mode:
type: string
enum:
- block-page
#- redirect
- response-code-only
message-title:
type: string
message-body:
type: string
http-response-code:
type: integer
minimum: 100
maximum: 599
scope: Cluster
names:
plural: customresponses
singular: customresponse
kind: CustomResponse
shortNames:
- customresponse
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: exceptions.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: array
items:
type: object
required:
- action
properties:
action:
type: string
enum:
- skip
- accept
- drop
- suppressLog
sourceIp:
type: array
items:
type: string
url:
type: array
items:
type: string
sourceIdentifier:
type: array
items:
type: string
protectionName:
type: array
items:
type: string
paramValue:
type: array
items:
type: string
paramName:
type: array
items:
type: string
hostName:
type: array
items:
type: string
countryCode:
type: array
items:
type: string
countryName:
type: array
items:
type: string
comment:
type: string
scope: Cluster
names:
plural: exceptions
singular: exception
kind: Exception
shortNames:
- exception
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata :
name : logtriggers.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
# Each version can be enabled/disabled by Served flag.
served: true
# One and only one version must be marked as the storage version.
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
access-control-logging:
type: object
properties:
allow-events:
type: boolean
drop-events:
type: boolean
appsec-logging:
type: object
properties:
detect-events:
type: boolean
prevent-events:
type: boolean
all-web-requests:
type: boolean
additional-suspicious-events-logging:
type: object
properties:
enabled:
type: boolean
minimum-severity:
type: string
enum:
- high
- critical
response-body:
type: boolean
response-code:
type: boolean
extended-logging:
type: object
properties:
url-path:
type: boolean
url-query:
type: boolean
http-headers:
type: boolean
request-body:
type: boolean
log-destination:
type: object
properties:
cloud:
type: boolean
syslog-service: #change to object array
type: array
items:
type: object
properties:
address:
type: string
port:
type: integer
file:
type: string
stdout:
type: object
properties:
format:
type: string
enum:
- json
- json-formatted
cef-service:
type: array
items:
type: object
properties:
address:
type: string
port:
type: integer
proto:
type: string
enum:
- tcp
- udp
scope: Cluster
names:
plural: logtriggers
singular: logtrigger
kind: LogTrigger
shortNames:
- logtrigger
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata :
name : policies.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
# Each version can be enabled/disabled by Served flag.
served: true
# One and only one version must be marked as the storage version.
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
default:
type: object
properties:
mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
practices:
type: array
items:
type: string
triggers:
type: array
items:
type: string
custom-response:
type: string
source-identifiers:
type: string
trusted-sources:
type: string
exceptions:
type: array
items:
type: string
specific-rules:
type: array
items:
type: object
properties:
host:
type: string
mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
practices:
type: array
items:
type: string
triggers:
type: array
items:
type: string
custom-response:
type: string
source-identifiers:
type: string
trusted-sources:
type: string
exceptions:
type: array
items:
type: string
scope: Cluster
names:
plural: policies
singular: policy
kind: Policy
shortNames:
- policy
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata :
name : practices.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
web-attacks:
type: object
properties:
override-mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
minimum-confidence:
type: string
enum:
- medium
- high
- critical
max-url-size-bytes:
type: integer
max-object-depth:
type: integer
max-body-size-kb:
type: integer
max-header-size-bytes:
type: integer
protections:
type: object
properties:
csrf-enabled:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
error-disclosure-enabled:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
open-redirect-enabled:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
non-valid-http-methods:
type: boolean
anti-bot:
type: object
properties:
override-mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
injected-URIs:
type: array
items:
type: object
properties:
uri:
type: string
validated-URIs:
type: array
items:
type: object
properties:
uri:
type: string
snort-signatures:
type: object
properties:
override-mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
configmap:
type: array
items:
type: string
openapi-schema-validation:
type: object
properties:
override-mode:
type: string
enum:
- prevent-learn
- detect-learn
- prevent
- detect
- inactive
configmap:
type: array
items:
type: string
scope: Cluster
names:
plural: practices
singular: practice
kind: Practice
shortNames:
- practice
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata :
name : sourcesidentifiers.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: array
items:
type: object
properties:
sourceIdentifier:
type: string
enum:
- headerkey
- JWTKey
- cookie
- sourceip
- x-forwarded-for
value:
type: array
items:
type: string
scope: Cluster
names:
plural: sourcesidentifiers
singular: sourcesidentifier
kind: SourcesIdentifier
shortNames:
- sourcesidentifier
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata :
name : trustedsources.openappsec.io
spec:
group: openappsec.io
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
minNumOfSources:
type: integer
sourcesIdentifiers:
type: array
items:
type: string
scope: Cluster
names:
plural: trustedsources
singular: trustedsource
kind: TrustedSource
shortNames:
- trustedsource

1321
config/crds/open-appsec-crd-v1beta2.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

48
deployment/swag/docker-compose.yaml Normal file
View File

@@ -0,0 +1,48 @@
services:
swag-attachment:
image: ghcr.io/openappsec/swag-attachment:latest
ipc: host
restart: unless-stopped
container_name: swag-attachment
cap_add:
- NET_ADMIN
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- URL=yourdomain.url # replace yourdomain.url with your own domain
# make sure your domain's public IP resolves to
# the docker host for Let's Encrypt cert generation to succeed
- VALIDATION=http
# see https://docs.linuxserver.io/images/docker-swag/ for
# more cert generation/validation options
- STAGING=true # switch to 'false' after successful testing
volumes:
- ./swag-config:/config
ports:
- 443:443
- 80:80 #optional
appsec-agent:
container_name: appsec-agent
image: ghcr.io/openappsec/agent:latest
network_mode: service:swag-attachment
ipc: host
restart: unless-stopped
environment:
- user_email=user@email.com # adjust with your own email
- registered_server='SWAG'
# if autoPolicyLoad is set to true, open-appsec will apply
# changes in local_policy.yaml automatically
- autoPolicyLoad=true
# To connect to open-appsec central management WebUI
## create your WebUI profile at https://my.openappsec.io,
## enforce policy, copy the profile token from WebUI and add it below
- AGENT_TOKEN=
volumes:
- ./appsec-config:/etc/cp/conf
- ./appsec-data:/etc/cp/data
- ./appsec-logs:/var/log/nano_agent
- ./appsec-localconfig:/ext/appsec
command: /cp-nano-agent