From a829142112ba3f061f4af09959c4d4acf75753ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20W=C3=B6hrl?= Date: Sat, 14 Oct 2023 11:30:08 +0200 Subject: [PATCH] add readme --- README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bf6b3b7..7c2d458 100644 --- a/README.md +++ b/README.md @@ -25,8 +25,10 @@ Targets: ``` ### Building requirements + Building the filter requires: -- [Go](https://go.dev/doc/install) + +- [Go](https://go.dev/doc/install) - [TinyGo](https://tinygo.org/getting-started/install/) Up to date required versions can be found looking at [`minGoVersion` and `tinygoMinorVersion` variables](./magefiles/magefile.go). @@ -39,6 +41,26 @@ go run mage.go build You will find the WASM plugin under `./build/main.wasm`. +### Building with `geoipLookup` Support + +#### Prerequisites + +Ensure you have [oschwald/geoip2-golang](https://github.com/oschwald/geoip2-golang) (GeoIP2) compatible databases. Place this file with the name `geoip.mmdb` in the project's root folder. + +#### Steps: + +1. **Choose Database Preference:** Depending on the type of the database you desire, set the `GEOIP` environment variable to either of the following: + + - For city-level database: `GEOIP=CITY` + - For country-level database: `GEOIP=COUNTRY` + +2. **Build the Project:** With the appropriate `GEOIP` variable set, proceed to build the project. + +```bash +export GEOIP=CITY +go run mage.go build +``` + ### Multiphase By default, coraza-proxy-wasm runs with multiphase evaluation enabled (See [coraza.rule.multiphase_evaluation](.magefiles/magefile.go) build tag). It enables the evaluation of rule variables in the phases that they are ready for, potentially anticipating the phase the rule is defined for. This feature suits coraza-proxy-wasm, and specifically Envoy request lifecycle, aiming to inspect data that has been received so far as soon as possible. It leads to enforce actions the earliest possible, avoiding WAF bypasses. This functionality, in conjunction with the [early blocking CRS feature](#recommendations-using-crs-with-proxy-wasm), permits to effectively raise the anomaly score and eventually drop the request at the earliest possible phase.