Wafris Traefik plugin

The Wafris plugin for Traefik v2 adds firewall featured directly to your Traefik deployment.

Usage

Define the plugin in Static Configuration

Wafris plugin must be first defined in your Traefik static configuration.

There are three different, mutually exclusive (i.e. you can use only one at the same time), ways to define static configuration options in Traefik: 1. In a configuration file 2. In the command-line arguments 3. As environment variables

Static Config: YAML or TOML example

YAML Static configuration example:

# Define the module name for the wafris plugin
# we use wafrisPlugin in this example, but any valid module name works
experimental:
  plugins:
    wafrisPlugin:
      moduleName: github.com/Wafris/wafris-traefik
      version: v0.0.1

TOML Static configuration example:

# Define the module name for the wafris plugin
# we use wafrisPlugin in this example, but any valid module name works

experimental:
  plugins:
    wafrisPlugin:
      moduleName: github.com/Wafris/wafris-traefik
      version: v0.0.3

Static Config: CLI example

In this example, we use the name wafrisPlugin. Any valid module name should work.

--experimental.plugins.wafrisPlugin.modulename=github.com/Wafris/wafris-traefik --experimental.plugins.wafrisPlugin.version=v0.0.1

Add the plugin to a provider or router

In your traefik.yml or equivalent file, you typically create a provider. In this case we have an example provider defined by the loadbalancer.yml config file:

providers:
  # Enable the file provider to define routers / middlewares / services in file
  file:
    filename: loadbalancer.yml

The loadbalancer.yml config file can then be configured like so:

http:
  routers:
    my-router:
      rule: host(`demo.localhost`)
      service: service-foo
      entryPoints:
        - web
      middlewares:
        - waf-plugin

  services:
   service-foo:
      loadBalancer:
        servers:
          - url: http://127.0.0.1:2001
  
  middlewares:
    waf-plugin:
      plugin:
        wafrisPlugin:
          url: "redis://localhost:6379?protocol=3"
          wafris_timeout: 1.5
    

my-router is the primary router defined by loadbalancer.yml. It takes any request to http://demo.localhost/

service-foo is our name for the web app or website that sites behind traefik that you are routing visitors to.

waf-plugin is the arbitrary name of the middleware you are putting between inbound traffic and your web app. We define waf-plugin as a wrapper around the official Wafris traefik plugin and all Wafris configuration is done here.