# Global options: these apply to the whole Caddy instance rather than to a single site.
{
	# Disable Caddy's admin API endpoint, so the running configuration cannot be
	# read or changed through it.
	admin off
	# ml_waf is not a standard Caddy directive, so it has no default position in
	# the directive order; this places it ahead of `respond` so the request is
	# evaluated before a response is written.
	order ml_waf before respond
	# Default logger at debug verbosity.
	# NOTE(review): debug output is verbose and may contain request details
	# (what ml_waf itself logs at this level is not visible here). Suitable for
	# local testing; confirm a less verbose level is used wherever real traffic
	# is served.
	log {
		level debug
	}
}
# Site listening on port 8080 on all interfaces. The address has no hostname,
# so Caddy's automatic HTTPS does not apply and this listener speaks plain HTTP.
:8080 {
	handle {
		# Anomaly-scoring WAF handler. The comments below describe the settings as
		# configured here; how the plugin combines them into a score is not shown
		# in this file — confirm against the plugin's documentation.
		ml_waf {
			# Thresholds
			anomaly_threshold 0.8 # Anomaly score above which traffic is marked as suspicious
			blocking_threshold 0.95 # Anomaly score above which traffic is blocked
			# NOTE(review): if the score is a plain weighted sum of per-attribute
			# deviations (TODO confirm), a request can only reach 0.95 when nearly
			# every attribute below is anomalous at once. Validate both thresholds
			# against recorded traffic before relying on them for blocking.

			# Normal ranges for request attributes
			normal_request_size_range 50 2000 # Min and max size (in bytes) of a normal request
			normal_header_count_range 3 30 # Min and max number of headers in a normal request
			normal_query_param_count_range 0 10 # Min and max number of query parameters in a normal request
			normal_path_segment_count_range 1 5 # Min and max number of path segments in a normal request

			# Additional attributes
			# These list the values treated as "normal". Each one has a weight below,
			# so presumably a non-listed value raises the score rather than being
			# rejected outright — this is not a strict allowlist (TODO confirm).
			normal_http_methods GET POST # HTTP methods considered normal
			# User-Agent and Referer are supplied by the client and can be set to any
			# value, so they are weak signals on their own.
			normal_user_agents Chrome Firefox # User-Agent values considered normal (matching rule not shown; verify)
			normal_referrers https://example.com # Referer values considered normal; example.com is a placeholder to replace

			# Weights (sum = 1)
			request_size_weight 0.3 # Most critical - large or tiny requests often indicate anomalies
			header_count_weight 0.25 # Highly significant - unusual header counts are suspicious
			query_param_count_weight 0.15 # Moderate - unusual query parameters can be indicative
			http_method_weight 0.1 # Important - unusual HTTP methods could be malicious
			user_agent_weight 0.1 # Important - bots or malicious actors often have abnormal User-Agents
			referrer_weight 0.05 # Less significant - deviations may be less impactful
			path_segment_count_weight 0.05 # Less significant - anomalies here are rarer

			# Request history settings
			history_window 10m # Time window for considering past requests (e.g., 5m, 1h)
			max_history_entries 100 # Maximum number of past requests to keep in history
			# NOTE(review): whether the history is kept per client or shared across
			# all clients is not visible here; verify, since a shared 100-entry
			# history fills quickly under load.
		}
		# Static response for every request that ml_waf lets through.
		respond "Hello, world!"
	}
}