Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Redis support as Collection backend on libmodsecurity #1139

Open
zimmerle opened this issue May 5, 2016 · 13 comments
Open

Implement Redis support as Collection backend on libmodsecurity #1139

zimmerle opened this issue May 5, 2016 · 13 comments
Assignees
@zimmerle
Labels
libmodsec - missing features RIP - libmodsecurity
Milestone
v3.1.0

Comments

@zimmerle
Copy link
Contributor

zimmerle commented May 5, 2016

ModSecurity version 3 architecture allow the utilization of multiple backends, including redis. The support should be implemented. The interface is available here:

https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/headers/modsecurity/collection/collection.h
@zimmerle zimmerle self-assigned this May 5, 2016
@zimmerle zimmerle added this to the v3.0.0 - OWASP CRS Compatible milestone May 5, 2016
@zimmerle zimmerle mentioned this issue May 5, 2016
Closed
@tedwardia
Copy link

Will this support connecting to redis over a unix socket? Would be very useful for multi tenant environments :)

@zimmerle
Copy link
Contributor Author

Hi @tedwardia, the support for Redis [or Memcache] should be independent of transport. That way you will be able to use what fits better inside your environment. Notice that you will be also able to choose which backend you want to use.

@zimmerle zimmerle mentioned this issue Aug 25, 2016
Open
@zcwang3 zcwang3 mentioned this issue Sep 12, 2016
Closed
@HOSTED-POWER
Copy link

Hi,

Is there any redis support? Redis would be great for this!

@tomsommer
Copy link
Contributor

Major +1

@HOSTED-POWER
Copy link

HOSTED-POWER commented Feb 1, 2018
edited
Loading

It should be supported? And how to configure redis as backend? :)

@HugoSoszynski
Copy link

Hi,

The VultureProject team (https://vultureproject.org/) is currently developing this feature for ModSecurity v3.
We are working to make it available for everyone as soon as possible.

Regards,

Hugo SOSZYNSKI
Vulture Team

@zimmerle
Copy link
Contributor Author

@HugoSoszynski if you need to discuss any aspect of the implementation, I will be glad to help.

@zimmerle
Copy link
Contributor Author

@HugoSoszynski any position so far?

@HugoSoszynski
Copy link

Hi,

@zimmerle You can check the work done so far here : https://github.com/VultureProject/ModSecurity/tree/remotes/trunk/src/collection/backend .

A summary of the features and the design informations is available in my last commit (https://github.com/VultureProject/ModSecurity/commit/71ba1d041e10c508dc47a471f76185d2295d90da).

I am currently testing the internal methods such as querying and fail-over in our infrastructures as it is pretty hard to create a REDIS cluster on a Travis VM.
Once the internal methods are validated, I will implement the Collections methods and start Travis unit testing.

If you have any question, suggestion and / or correction to submit, feel free to open an Issue on the VultureProject repository.

Regards,

Hugo SOSZYNSKI
Vulture Team

@zimmerle
Copy link
Contributor Author

zimmerle commented Mar 1, 2018

good news! :) i will be looking in to it.

@HugoSoszynski
Copy link

Hi,

@zimmerle
In my quest to replicate the actual behavior of Collections with REDIS I'm having some trouble:

  • Is there any documentation about the exact detailed behavior of the Collection methods ?
  • As REDIS does not authorize multiple identical keys, I found a workaround using LIST object. However, it is pretty hard to emulate the behavior of an std::unordered_multimap or LMDB; must the REDIS Collection have the exact same behavior ?

I hope we find some solutions to these questions.
Regards,

Hugo SOSZYNSKI
Vulture Team

@zimmerle
Copy link
Contributor Author

zimmerle commented Mar 8, 2018

Hi @HugoSoszynski,

  • There is no documentation about it :(
  • There is the need to have a middle ware, converting the ModSecurity data into Redis and vice-versa. A good way to test if it is working is by running the regression tests.

@zimmerle zimmerle modified the milestones: v3.0.1, v3.0.2 Apr 2, 2018
@zimmerle zimmerle mentioned this issue May 18, 2018
Closed
@victorhora victorhora modified the milestones: v3.0.3, v3.0.4 Sep 5, 2018
@zimmerle zimmerle mentioned this issue Nov 1, 2018
Closed
@LeeShan87
Copy link

It seem VultureProject stopped implementing redis backend for modsecurity. :(

https://github.com/VultureProject/ModSecurity/

@zimmerle zimmerle mentioned this issue May 5, 2020
Open
@zimmerle zimmerle mentioned this issue Jul 9, 2020
Open
@amsnek amsnek mentioned this issue Jun 29, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zimmerle zimmerle

Labels
libmodsec - missing features RIP - libmodsecurity
Projects
None yet
Milestone
v3.1.0
Development

No branches or pull requests
7 participants
@tomsommer @zimmerle @tedwardia @LeeShan87 @victorhora @HugoSoszynski @zimmerlezen