Patterns

Appearance

Traefik Integration

This guide explains how to integrate the WAF patterns with Traefik using middleware plugins.

Quick Start

  1. Download traefik_waf.zip from Releases
  2. Extract the files
  3. Configure the middleware in your Traefik configuration

Configuration Files

The Traefik WAF package includes:

FilePurpose
middleware.tomlWAF middleware configuration
bots.tomlBad bot detection rules

Integration with File Provider

Step 1: Enable File Provider

In your traefik.toml or traefik.yml:

toml
[providers]
  [providers.file]
    directory = "/etc/traefik/dynamic"
    watch = true
yaml
providers:
  file:
    directory: /etc/traefik/dynamic
    watch: true

Step 2: Copy Middleware Files

Copy the WAF configuration files to your dynamic configuration directory:

bash
cp waf_patterns/traefik/*.toml /etc/traefik/dynamic/

Step 3: Apply Middleware to Routes

Reference the middleware in your router configuration:

toml
[http.routers.my-router]
  rule = "Host(`example.com`)"
  service = "my-service"
  middlewares = ["waf-protection", "bot-blocker"]

[http.middlewares.waf-protection.plugin.waf]
  # WAF configuration loaded from middleware.toml

[http.middlewares.bot-blocker.plugin.botblocker]
  # Bot blocking loaded from bots.toml
yaml
http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      middlewares:
        - waf-protection
        - bot-blocker

Integration with Docker Labels

For Docker-based deployments:

yaml
services:
  my-app:
    image: my-app:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.my-app.rule=Host(`example.com`)"
      - "traefik.http.routers.my-app.middlewares=waf@file"

Middleware Configuration

The middleware.toml contains regex-based blocking rules:

toml
[http.middlewares.waf.plugin.rewriteHeaders]
  # SQL Injection patterns
  [[http.middlewares.waf.plugin.rewriteHeaders.replacements]]
    regex = "(?i)union.*select"
    replacement = "BLOCKED"

Using with Traefik Plugins

For enhanced WAF capabilities, consider using community plugins:

yaml
experimental:
  plugins:
    waf:
      moduleName: "github.com/example/traefik-waf-plugin"
      version: "v1.0.0"

Customization

Add Custom Patterns

Edit middleware.toml to add your own patterns:

toml
[[http.middlewares.waf.plugin.rewriteHeaders.replacements]]
  regex = "your-custom-pattern"
  replacement = "BLOCKED"

Logging

Enable access logs to monitor blocked requests:

toml
[accessLog]
  filePath = "/var/log/traefik/access.log"
  format = "json"
  
  [accessLog.fields]
    [accessLog.fields.headers]
      defaultMode = "keep"

Testing

bash
# Test WAF detection
curl -H "Host: example.com" \
  "http://localhost/?id=1' OR '1'='1"

# Check Traefik logs
docker logs traefik 2>&1 | grep -i blocked

Troubleshooting

Middleware not loading

Check that the file provider is correctly configured and watching the right directory.

Routes not applying middleware

Ensure the middleware name matches exactly between router and middleware definition.

Performance considerations

Traefik's regex-based middleware can impact performance at high traffic. Monitor latency after enabling WAF rules.

Released under the MIT License.

Copyright © 2024-present Fabrizio Salmi