Update open-appsec-k8s-full-example-config-v1beta2.yaml

2025-11-19 18:44:24 +03:00 · 2025-04-16 13:48:22 +03:00
3 changed files with 11 additions and 6 deletions
--- a/components/security_apps/waap/waap_clib/Waf2Engine.cc
+++ b/components/security_apps/waap/waap_clib/Waf2Engine.cc
@@ -1093,9 +1093,12 @@ void Waf2Transaction::add_request_hdr(const char* name, int name_len, const char
 void Waf2Transaction::end_request_hdrs() {
    dbgFlow(D_WAAP) << "[transaction:" << this << "] end_request_hdrs";
    m_isScanningRequired = setCurrentAssetContext();
-
+    if (m_siteConfig != NULL)
-    extractEnvSourceIdentifier();
+    {
-
+        // getOverrideState also extracts the source identifier and populates m_source_identifier
        // but the State itself is not needed now
        Waap::Override::State overrideState = getOverrideState(m_siteConfig);
    }
    m_pWaapAssetState->m_requestsMonitor->logSourceHit(m_source_identifier);
    IdentifiersEvent ids(m_source_identifier, m_pWaapAssetState->m_assetId);
    ids.notify();
--- a/components/security_apps/waap/waap_clib/Waf2EngineGetters.cc
+++ b/components/security_apps/waap/waap_clib/Waf2EngineGetters.cc
@@ -594,6 +594,8 @@ Waap::Override::State Waf2Transaction::getOverrideState(IWaapConfig* sitePolicy)
        overrideState.applyOverride(*overridePolicy, WaapOverrideFunctor(*this), m_matchedOverrideIds, true);
    }
    extractEnvSourceIdentifier();
    if (overridePolicy) { // later we will run response overrides
        m_overrideState.applyOverride(*overridePolicy, WaapOverrideFunctor(*this), m_matchedOverrideIds, false);
    }
--- a/config/k8s/v1beta2/open-appsec-k8s-full-example-config-v1beta2.yaml
+++ b/config/k8s/v1beta2/open-appsec-k8s-full-example-config-v1beta2.yaml
@@ -39,10 +39,10 @@ kind: Exception
 metadata:
  name: exception-example
 spec:
-  action: accept
+  action: drop
  condition:
-    - key: countryCode
+    - key: sourceIP
-      value: US
+      value: 127.0.0.1
 ---
 apiVersion: openappsec.io/v1beta2