Stream inspection #171
Comments
Original reporter: ivanr
ivanr: A more generic implementation would probably be a better choice. For example: SecStreamInspect REQUEST_BODY "@pm one two" log,pass,t:none
You are not understanding what stream inspection means
Thank you @csanders-git. Could you please clarify the meaning of stream inspection on this issue? And please let us know if this is a feature that the community is missing.
@zimmerle could also easily explain what this means. This means treating incoming HTTP requests as a stream instead of assembling them into a buffered request.
Nice. Thanks for clarifying @csanders-git. Is this something that the CRS and / or the community are currently missing? If yes, I'll happily tag it for libModSecurity and see if we get some traction, otherwise it should be treated as #304 as it had no update / interest for the past 5 years. Thanks for letting us know.
MODSEC-18: Go beyond the discrete inspection model we currently have implemented, and toward streaming inspection. The idea is that the code would generate a number of streams, each streaming transaction data but in a slightly different way. Examples include:
Implementation:
Stream inspection would occur in real-time, as the content is being processed. There are two advantages of this approach:
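An added illustration, not code from this issue or from ModSecurity: the phrase match from the `SecStreamInspect REQUEST_BODY "@pm one two"` suggestion in the thread, run over request body chunks as they arrive instead of over a fully buffered body. The type `stream_pm`, its functions and the chunk contents are hypothetical names and constructed input; between chunks the matcher keeps only the last (longest phrase length - 1) bytes, so a phrase split across a chunk boundary is still detected.

```c
#include <string.h>
#define MAX_PHRASES 8
#define MAX_CARRY   64                 /* phrases of up to 65 bytes */
typedef struct {                       /* hypothetical, not a ModSecurity type */
    const char *phrases[MAX_PHRASES];
    size_t count, keep, carry_len;     /* keep = longest phrase length - 1 */
    char carry[MAX_CARRY];             /* last `keep` bytes of the stream so far */
    unsigned hits;                     /* bit i set => phrases[i] was seen */
} stream_pm;

static void stream_pm_init(stream_pm *s, const char **phrases, size_t n) {
    memset(s, 0, sizeof *s);
    for (size_t i = 0; i < n && s->count < MAX_PHRASES; i++) {
        size_t len = strlen(phrases[i]);
        if (len == 0 || len - 1 > MAX_CARRY) continue;   /* unsupported: skip */
        s->phrases[s->count++] = phrases[i];
        if (len - 1 > s->keep) s->keep = len - 1;
    }
}

static int contains(const char *hay, size_t hlen, const char *pat, size_t plen) {
    for (size_t i = 0; i + plen <= hlen; i++)
        if (memcmp(hay + i, pat, plen) == 0) return 1;
    return 0;
}
/* Inspect one chunk as it arrives; returns the cumulative hit bitmask. */
static unsigned stream_pm_feed(stream_pm *s, const char *chunk, size_t len) {
    char win[2 * MAX_CARRY];           /* carry + head of chunk: boundary matches */
    size_t head = len < s->keep ? len : s->keep, win_len = s->carry_len + head;
    memcpy(win, s->carry, s->carry_len);
    memcpy(win + s->carry_len, chunk, head);
    for (size_t i = 0; i < s->count; i++) {
        const char *p = s->phrases[i];
        if (contains(win, win_len, p, strlen(p)) || contains(chunk, len, p, strlen(p)))
            s->hits |= 1u << i;
    }
    if (len < s->keep) { chunk = win; len = win_len; }   /* short chunk: tail of carry+chunk */
    s->carry_len = len < s->keep ? len : s->keep;
    memmove(s->carry, chunk + len - s->carry_len, s->carry_len);
    return s->hits;
}

int main(void) {   /* constructed body "a=1&b=two&c=3", split inside "two" */
    const char *pm[] = { "one", "two" };
    stream_pm s;
    stream_pm_init(&s, pm, 2);
    stream_pm_feed(&s, "a=1&b=tw", 8);
    return stream_pm_feed(&s, "o&c=3", 5) == 2u ? 0 : 1;   /* bit 1 = "two" */
}
```

Memory use is bounded by `MAX_CARRY` regardless of body size, which is the property that separates this from matching against an assembled request buffer.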