generated from gatewayd-io/plugin-template-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
gatewayd_plugin.yaml
58 lines (56 loc) · 2.82 KB
/
gatewayd_plugin.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Plugin configuration file for GatewayD
compatibilityPolicy: "strict"
enableMetricsMerger: True
metricsMergerPeriod: 5s
healthCheckPeriod: 5s
reloadOnCrash: True
timeout: 30s
plugins:
- name: gatewayd-plugin-sql-ids-ips
# whether to enable or disable the plugin on the next run
enabled: True
# path to the plugin's binary file
localPath: ../gatewayd-plugin-sql-ids-ips/gatewayd-plugin-sql-ids-ips
url: github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips@latest
# Pass cmdline args to the plugin
args: ["--log-level", "info"]
# Pass environment variables to the plugin
# System-wide environment variables are passed to the plugin normally
# and they can be accessed via os.Environ().
# Defining any environment variables below will override system-wide environment variables.
env:
# The below environment variables are used by the plugin loader to verify the plugin's identity.
- MAGIC_COOKIE_KEY=GATEWAYD_PLUGIN
- MAGIC_COOKIE_VALUE=5712b87aa5d7e9f9e9ab643e6603181c5b796015cb1c09d6f5ada882bf2a1872
- METRICS_ENABLED=True
- METRICS_UNIX_DOMAIN_SOCKET=/tmp/gatewayd-plugin-sql-ids-ips.sock
- METRICS_PATH=/metrics
- PREDICTION_API_ADDRESS=http://localhost:8000
# Threshold determine the minimum prediction confidence
# required to detect an SQL injection attack. Any value
# between 0 and 1 is valid, and it is inclusive.
# Anything below 0.8 is not recommended,
# but it is dependent on the application and testing.
- THRESHOLD=0.8
- ENABLE_LIBINJECTION=True
# True (permissive): The plugin will block the request only if it detects an SQL injection
# attack and the prediction confidence is above the threshold. This is
# the default mode.
# False (strict): The plugin will block the request if it detects an SQL injection attack.
# This greatly increases the false positive rate.
- LIBINJECTION_PERMISSIVE_MODE=True
# The following env-vars are used to configure the plugin's response.
# Possible values: error or empty
- RESPONSE_TYPE=error
# Possible values: DEBUG, LOG, INFO, NOTICE, WARNING or EXCEPTION
- ERROR_SEVERITY=EXCEPTION
# Ref: https://www.postgresql.org/docs/current/errcodes-appendix.html
- ERROR_NUMBER=42000
- ERROR_MESSAGE=SQL injection detected
- ERROR_DETAIL=Back off, you're not welcome here.
# Possible values: trace, debug, info, warn, error
# Other values will result in no level being set.
- LOG_LEVEL=error
- SENTRY_DSN=https://379ef59ea0c55742957b06c94bc496e1@o4504550475038720.ingest.us.sentry.io/4507282732810240
# Checksum hash to verify the binary before loading
checksum: dee4aa014a722e1865d91744a4fd310772152467d9c6ab4ba17fd9dd40d3f724