Enable appsec only for specific NGINX locations
Hi. Is there a way to only enable the WAF (appsec) for certain NGINX locations? I'm reverse proxying different locations to different backends and I don't want the WAF applied to all of them.
6 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
Hello,
Currently, the configuration is global, but we plan to introduce a more granular configuration soon
@blotus Cool, that's great to hear. I'm running a single NGINX load balancer for multiple services so it makes it difficult to use unless it can be applied selectively. I did consider using a second NGINX instance in between the LB and the apps we want to firewall, but that would add unnecessary complexity.
Hi @blotus
Just wondering if this has been implemented yet? Would love to add appsec to my load balancer once I can exclude specific NGINX locations.
The code has been merged in the main branch of the bouncer, we did a few RC, so it should be available soon
@blotus Nice! Are there any docs online for the feature yet?
Actually, it might be already available, the documentation has already been merged: https://docs.crowdsec.net/u/bouncers/nginx#nginx-variables
Basically, you just need to set a nginx to control if the appsec is enabled or not per server/location/...
Nginx | CrowdSec
<img