https://github.com/haproxy/spoa-example
Example implementation of a very simple agent to use with HAProxy's SPOE filtering
- Host: GitHub
- URL: https://github.com/haproxy/spoa-example
- Owner: haproxy
- Created: 2021-04-21T07:27:40.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2021-04-21T07:28:42.000Z (about 4 years ago)
- Last Synced: 2023-03-10T21:48:06.572Z (about 2 years ago)
- Language: C
- Size: 45.9 KB
- Stars: 4
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README
README
A Random IP reputation service acting as a Stream Processing Offload Agent
--------------------------------------------------------------------------

This is a very simple service that implements a "random" IP reputation
service. It returns random scores for all checked IP addresses. Its only
purpose is to show how to implement an IP reputation service, or a similar
kind of service, using the SPOE.

Start the service
---------------------

After you have compiled it, to start the service, you just need to run the
"spoa" binary:

    $> ./spoa -h
    Usage: ./spoa [-h] [-d] [-p ] [-n ]
        -h    Print this message
        -d    Enable the debug mode
        -p    Specify the port to listen on (default: 12345)
        -n    Specify the number of workers (default: 5)

Note: A worker is a thread.

Configure a SPOE to use the service
---------------------------------------

All information about SPOE configuration can be found in "doc/SPOE.txt". Here is
the configuration template to use for your SPOE:

    [ip-reputation]

    spoe-agent iprep-agent
        messages check-client-ip

        option var-prefix iprep

        timeout hello      100ms
        timeout idle       30s
        timeout processing 15ms

        use-backend iprep-backend

    spoe-message check-client-ip
        args src
        event on-client-session

The engine is in the scope "ip-reputation". So to enable it, you must set the
following line in a frontend/listener section:

    frontend my-front
        ...
        filter spoe engine ip-reputation config /path/spoe-ip-reputation.conf
        ....

where "/path/spoe-ip-reputation.conf" is the path to your SPOE configuration
file. The engine name is important here: it must be the same as the one used
in the SPOE configuration file.

IMPORTANT NOTE:
    Because we want to send a message on the "on-client-session" event, this
    SPOE must be attached to a proxy with the frontend capability. If it is
    declared in a backend section, it will have no effect.

Because the SPOE configuration file declares the backend "iprep-backend" to
communicate with the service, you must define it in the HAProxy
configuration. For example:

    backend iprep-backend
        mode tcp
        timeout server 1m
        server iprep-srv 127.0.0.1:12345 check maxconn 5

In reply to the "check-client-ip" message, this service will set the variable
"ip_score" for the session, an integer between 0 and 100. If unchanged, the
variable prefix is "iprep". So the full variable name will be
"sess.iprep.ip_score".

You can use it in ACLs to experiment with the SPOE feature. For example:

    tcp-request content reject if { var(sess.iprep.ip_score) -m int lt 20 }

With this rule, all IP addresses with a score lower than 20 will be rejected
(Remember, this score is random).
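
The reply to "check-client-ip" described above, sketched as an added example that is not code from this repository: it encodes the one SET-VAR action that stores "ip_score" in the session scope, with bounds checks on the output buffer. The function names are hypothetical, and the action, scope and type values and the varint format are taken from the SPOP description in doc/SPOE.txt, so they are assumptions here because this page does not list them.

```c
#include <stdint.h>
#include <string.h>

/* Values from the SPOP description in doc/SPOE.txt; they are not on this page. */
enum { ACT_SET_VAR = 1, SCOPE_SESSION = 1, DATA_T_UINT32 = 3 };

/* SPOP varint: below 240 is one byte, larger values use continuation bytes.
 * Returns 0 on success, -1 when the buffer is exhausted. */
static int put_varint(uint64_t v, unsigned char **p, const unsigned char *end)
{
    if (*p >= end)
        return -1;
    if (v < 240) {
        *(*p)++ = (unsigned char)v;
        return 0;
    }
    *(*p)++ = (unsigned char)(v | 240);
    for (v = (v - 240) >> 4; v >= 128; v = (v - 128) >> 7) {
        if (*p >= end)
            return -1;
        *(*p)++ = (unsigned char)(v | 128);
    }
    if (*p >= end)
        return -1;
    *(*p)++ = (unsigned char)v;
    return 0;
}

/* Encode "set session variable ip_score = score" as one SET-VAR action.
 * Returns the encoded length, or -1 for a bad score or a short buffer. */
int encode_ip_score(unsigned score, unsigned char *buf, size_t size)
{
    static const char name[] = "ip_score";
    const size_t len = sizeof(name) - 1;
    unsigned char *p = buf, *end = buf + size;

    if (score > 100 || size < 3)
        return -1;
    *p++ = ACT_SET_VAR;    /* action type */
    *p++ = 3;              /* argument count: scope, name, value */
    *p++ = SCOPE_SESSION;  /* read back as sess.<var-prefix>.ip_score */
    if (put_varint(len, &p, end) < 0 || (size_t)(end - p) < len + 1)
        return -1;
    memcpy(p, name, len);
    p += len;
    *p++ = DATA_T_UINT32;  /* typed data: type byte, then varint value */
    return put_varint(score, &p, end) < 0 ? -1 : (int)(p - buf);
}
```

The encoder refuses scores above 100 so that a bug in the scoring code cannot push an out-of-range value into the ACL comparison on the HAProxy side.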