Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/traefik/plugin-log4shell
Log4Shell is a middleware plugin for Traefik which blocks JNDI attacks based on HTTP header values
traefik traefik-plugin
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/traefik/plugin-log4shell
- Owner: traefik
- License: apache-2.0
- Created: 2021-12-13T16:49:16.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2021-12-19T15:17:27.000Z (almost 3 years ago)
- Last Synced: 2024-06-19T01:56:55.376Z (3 months ago)
- Topics: traefik, traefik-plugin
- Language: Go
- Homepage: https://plugins.traefik.io/plugins/628c9ec2ffc0cd18356a97a2/log4-shell
- Size: 51.8 KB
- Stars: 37
- Watchers: 16
- Forks: 3
- Open Issues: 3
Metadata Files:
- Readme: readme.md
- License: LICENSE
README
# Log4Shell Mitigation
[![Build Status](https://github.com/traefik/plugin-log4shell/workflows/Main/badge.svg?branch=master)](https://github.com/traefik/plugin-log4shell/actions)
Log4Shell is a middleware plugin for [Traefik](https://github.com/traefik/traefik) which blocks JNDI attacks based on HTTP header values.
Related to the Log4J CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
## Configuration
Requirements: Traefik >= v2.5.5
### Static
```bash
--pilot.token=xxx
--experimental.plugins.log4shell.modulename=github.com/traefik/plugin-log4shell
--experimental.plugins.log4shell.version=v0.1.2
```

```yaml
pilot:
  token: xxx

experimental:
  plugins:
    log4shell:
      modulename: github.com/traefik/plugin-log4shell
      version: v0.1.2
```

```toml
[pilot]
  token = "xxx"

[experimental.plugins.log4shell]
  modulename = "github.com/traefik/plugin-log4shell"
  version = "v0.1.2"
```

### Dynamic
To configure the `Log4Shell` plugin you should create a [middleware](https://docs.traefik.io/middlewares/overview/) in your dynamic configuration as explained [here](https://docs.traefik.io/middlewares/overview/).
#### File
```yaml
http:
  middlewares:
    log4shell-foo:
      plugin:
        log4shell:
          errorCode: 200

  routers:
    my-router:
      rule: Host(`localhost`)
      middlewares:
        - log4shell-foo
      service: my-service

  services:
    my-service:
      loadBalancer:
        servers:
          - url: 'http://127.0.0.1'
```

```toml
[http.middlewares]
  [http.middlewares.log4shell-foo.plugin.log4shell]
    errorCode = 200

[http.routers]
  [http.routers.my-router]
    rule = "Host(`localhost`)"
    middlewares = ["log4shell-foo"]
    service = "my-service"

[http.services]
  [http.services.my-service]
    [http.services.my-service.loadBalancer]
      [[http.services.my-service.loadBalancer.servers]]
        url = "http://127.0.0.1"
```

#### Kubernetes
```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: log4shell-foo
spec:
  plugin:
    log4shell:
      errorCode: 200

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`whoami.localhost`)
      middlewares:
        - name: log4shell-foo
      services:
        - kind: Service
          name: whoami-svc
          port: 80
```

```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: log4shell-foo
spec:
  plugin:
    log4shell:
      errorCode: 200

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myingress
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: default-log4shell-foo@kubernetescrd

spec:
  rules:
    - host: whoami.localhost
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 80
```

#### Docker
```yaml
version: '3.7'

services:
  whoami:
    image: traefik/whoami:v1.7.1
    labels:
      traefik.enable: 'true'

      traefik.http.routers.app.rule: Host(`whoami.localhost`)
      traefik.http.routers.app.entrypoints: websecure
      traefik.http.routers.app.middlewares: log4shell-foo
      traefik.http.middlewares.log4shell-foo.plugin.log4shell.errorcode: 200
```