{"id":13820130,"url":"https://github.com/traefik/plugin-log4shell","last_synced_at":"2025-09-11T18:36:34.094Z","repository":{"id":45372621,"uuid":"437951830","full_name":"traefik/plugin-log4shell","owner":"traefik","description":"Log4Shell is a middleware plugin for Traefik which blocks JNDI attacks based on HTTP header values","archived":false,"fork":false,"pushed_at":"2021-12-19T15:17:27.000Z","size":53,"stargazers_count":38,"open_issues_count":3,"forks_count":2,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-03-31T06:51:12.265Z","etag":null,"topics":["traefik","traefik-plugin"],"latest_commit_sha":null,"homepage":"https://plugins.traefik.io/plugins/628c9ec2ffc0cd18356a97a2/log4-shell","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/traefik.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-13T16:49:16.000Z","updated_at":"2024-07-05T03:09:33.000Z","dependencies_parsed_at":"2022-09-22T18:23:43.197Z","dependency_job_id":null,"html_url":"https://github.com/traefik/plugin-log4shell","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fplugin-log4shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fplugin-log4shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fplugin-log4shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/traefik%2Fplugin-log4shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/traefik","download_url":"https://codeload.github.com/traefik/plugin-log4shell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249738800,"owners_count":21318504,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["traefik","traefik-plugin"],"created_at":"2024-08-04T08:00:58.677Z","updated_at":"2025-04-19T16:32:57.831Z","avatar_url":"https://github.com/traefik.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Log4Shell Mitigation\n\n[![Build Status](https://github.com/traefik/plugin-log4shell/workflows/Main/badge.svg?branch=master)](https://github.com/traefik/plugin-log4shell/actions)\n\nLog4Shell is a middleware plugin for [Traefik](https://github.com/traefik/traefik) which blocks JNDI attacks based on HTTP header values.\n\nRelated to the Log4J CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228\n\n## Configuration\n\nRequirements: Traefik \u003e= v2.5.5\n\n### Static\n\n```bash\n--pilot.token=xxx\n--experimental.plugins.log4shell.modulename=github.com/traefik/plugin-log4shell\n--experimental.plugins.log4shell.version=v0.1.2\n```\n\n```yaml\npilot:\n  token: xxx\n\nexperimental:\n  plugins:\n    log4shell:\n      modulename: github.com/traefik/plugin-log4shell\n      version: v0.1.2\n```\n\n```toml\n[pilot]\n    token = \"xxx\"\n\n[experimental.plugins.log4shell]\n    modulename = \"github.com/traefik/plugin-log4shell\"\n    version = \"v0.1.2\"\n```\n\n### Dynamic\n\nTo configure the `Log4Shell` plugin you should create a [middleware](https://docs.traefik.io/middlewares/overview/) in your dynamic configuration as explained [here](https://docs.traefik.io/middlewares/overview/).\n\n#### File \n\n```yaml\nhttp:\n  middlewares:\n    log4shell-foo:\n      plugin:\n        log4shell:\n          errorCode: 200\n\n  routers:\n    my-router:\n      rule: Host(`localhost`)\n      middlewares:\n        - log4shell-foo\n      service: my-service\n\n  services:\n    my-service:\n      loadBalancer:\n        servers:\n          - url: 'http://127.0.0.1'\n```\n\n```toml\n[http.middlewares]\n  [http.middlewares.log4shell-foo.plugin.log4shell]\n    errorCode = 200\n\n[http.routers]\n  [http.routers.my-router]\n    rule = \"Host(`localhost`)\"\n    middlewares = [\"log4shell-foo\"]\n    service = \"my-service\"\n\n[http.services]\n  [http.services.my-service]\n    [http.services.my-service.loadBalancer]\n      [[http.services.my-service.loadBalancer.servers]]\n        url = \"http://127.0.0.1\"\n```\n\n#### Kubernetes\n\n```yaml\n---\napiVersion: traefik.containo.us/v1alpha1\nkind: Middleware\nmetadata:\n  name: log4shell-foo\nspec:\n  plugin:\n    log4shell:\n      errorCode: 200\n\n---\napiVersion: traefik.containo.us/v1alpha1\nkind: IngressRoute\nmetadata:\n  name: whoami\nspec:\n  entryPoints:\n    - web\n  routes:\n    - kind: Rule\n      match: Host(`whoami.localhost`)\n      middlewares:\n        - name: log4shell-foo\n      services:\n        - kind: Service\n          name: whoami-svc\n          port: 80\n```\n\n```yaml\n---\napiVersion: traefik.containo.us/v1alpha1\nkind: Middleware\nmetadata:\n  name: log4shell-foo\nspec:\n  plugin:\n    log4shell:\n      errorCode: 200\n\n---\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  name: myingress\n  annotations:\n    traefik.ingress.kubernetes.io/router.middlewares: default-log4shell-foo@kubernetescrd\n\nspec:\n  rules:\n    - host: whoami.localhost\n      http:\n        paths:\n          - path: /\n            pathType: Prefix\n            backend:\n              service:\n                name:  whoami\n                port:\n                  number: 80\n```\n\n#### Docker\n\n```yaml\nversion: '3.7'\n\nservices:\n  whoami:\n    image: traefik/whoami:v1.7.1\n    labels:\n      traefik.enable: 'true'\n\n      traefik.http.routers.app.rule: Host(`whoami.localhost`)\n      traefik.http.routers.app.entrypoints: websecure\n      traefik.http.routers.app.middlewares: log4shell-foo\n      \n      traefik.http.middlewares.log4shell-foo.plugin.log4shell.errorcode: 200\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftraefik%2Fplugin-log4shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftraefik%2Fplugin-log4shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftraefik%2Fplugin-log4shell/lists"}