mirror/caddy-waf
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/caddy-waf.git synced 2025-12-23 22:27:46 -05:00
Code Issues Packages Projects Releases Wiki Activity

blacklisting tests added and updated

Browse Source
This commit is contained in:
fabriziosalmi
2025-01-26 14:35:48 +01:00
parent ee5fc71b43
commit 67673a6469
3 changed files with 443 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -18,3 +18,4 @@ dns_blacklist.txt
ip_blacklist.txt
waf_test_results_alt.log
waf_test_results_extended.log
log.json

328
blacklist_test.go
View File

@@ -1,260 +1,152 @@
package caddywaf
import (
"io/ioutil"
"os"
"testing"
"github.com/stretchr/testify/assert"
"go.uber.org/zap"
)
// TestLoadDNSBlacklistFromFile_EmptyFile tests loading from an empty file
func TestLoadDNSBlacklistFromFile_EmptyFile(t *testing.T) {
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
tmpFile, err := os.CreateTemp("", "dns_blacklist_empty-*.txt")
if err != nil {
t.Fatalf("Failed to create temporary file: %v", err)
}
defer os.Remove(tmpFile.Name())
tmpFile.Close()
dnsBlacklist := make(map[string]struct{})
err = bl.LoadDNSBlacklistFromFile(tmpFile.Name(), dnsBlacklist)
assert.NoError(t, err)
assert.Empty(t, dnsBlacklist)
}
// TestLoadIPBlacklistFromFile_EmptyFile tests loading from an empty file
func TestLoadIPBlacklistFromFile_EmptyFile(t *testing.T) {
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
tmpFile, err := os.CreateTemp("", "ip_blacklist_empty-*.txt")
if err != nil {
t.Fatalf("Failed to create temporary file: %v", err)
}
defer os.Remove(tmpFile.Name())
tmpFile.Close()
ipBlacklist := make(map[string]struct{})
err = bl.LoadIPBlacklistFromFile(tmpFile.Name(), ipBlacklist)
assert.NoError(t, err)
assert.Empty(t, ipBlacklist)
}
// TestLoadIPBlacklistFromFile_InvalidCIDR tests loading with an invalid CIDR range
func TestLoadIPBlacklistFromFile_InvalidCIDR(t *testing.T) {
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
tmpFile, err := os.CreateTemp("", "ip_blacklist_invalid-*.txt")
if err != nil {
t.Fatalf("Failed to create temporary file: %v", err)
}
defer os.Remove(tmpFile.Name())
_, err = tmpFile.WriteString("192.168.1.0/abc\n")
if err != nil {
t.Fatalf("Failed to write to temporary file: %v", err)
}
tmpFile.Close()
ipBlacklist := make(map[string]struct{})
err = bl.LoadIPBlacklistFromFile(tmpFile.Name(), ipBlacklist)
assert.NoError(t, err) // Loading should not fail completely, but log the error
assert.Empty(t, ipBlacklist)
}
// TestNewBlacklistLoader tests the creation of a new BlacklistLoader.
func TestNewBlacklistLoader(t *testing.T) {
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
assert.NotNil(t, bl)
assert.Equal(t, logger, bl.logger)
}
// TestLoadDNSBlacklistFromFile tests loading DNS entries from a file.
func TestLoadDNSBlacklistFromFile(t *testing.T) {
// Create temp file
content := `example.com
# Comment line
malicious.com
spaces.com
`
tmpfile, err := ioutil.TempFile("", "dnsblacklist")
if err != nil {
t.Fatal(err)
}
defer os.Remove(tmpfile.Name())
if _, err := tmpfile.Write([]byte(content)); err != nil {
t.Fatal(err)
}
if err := tmpfile.Close(); err != nil {
t.Fatal(err)
}
// Test loading DNS blacklist
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
dnsBlacklist := make(map[string]struct{})
// Create a temporary file with DNS entries
tmpFile, err := os.CreateTemp("", "dns_blacklist-*.txt")
err = bl.LoadDNSBlacklistFromFile(tmpfile.Name(), dnsBlacklist)
if err != nil {
t.Fatalf("Failed to create temporary file: %v", err)
t.Errorf("LoadDNSBlacklistFromFile returned error: %v", err)
}
defer os.Remove(tmpFile.Name())
// Write test DNS entries to the file
testEntries := []string{
"example.com",
"malicious.domain",
"# This is a comment",
"", // Empty line
// Verify entries
expected := map[string]struct{}{
"example.com": {},
"malicious.com": {},
"spaces.com": {},
}
for _, entry := range testEntries {
_, err := tmpFile.WriteString(entry + "\n")
if err != nil {
t.Fatalf("Failed to write to temporary file: %v", err)
for domain := range expected {
if _, exists := dnsBlacklist[domain]; !exists {
t.Errorf("Expected domain %s not found in blacklist", domain)
}
}
tmpFile.Close()
// Load the DNS blacklist
dnsBlacklist := make(map[string]struct{})
err = bl.LoadDNSBlacklistFromFile(tmpFile.Name(), dnsBlacklist)
assert.NoError(t, err)
// Validate the loaded entries
assert.Contains(t, dnsBlacklist, "example.com")
assert.Contains(t, dnsBlacklist, "malicious.domain")
assert.NotContains(t, dnsBlacklist, "# This is a comment")
assert.NotContains(t, dnsBlacklist, "")
}
// TestLoadDNSBlacklistFromFile_InvalidFile tests loading from a non-existent file.
func TestLoadDNSBlacklistFromFile_InvalidFile(t *testing.T) {
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
dnsBlacklist := make(map[string]struct{})
err := bl.LoadDNSBlacklistFromFile("nonexistent.txt", dnsBlacklist)
assert.Error(t, err)
assert.Contains(t, err.Error(), "failed to open DNS blacklist file") // Updated error message
}
// TestLoadIPBlacklistFromFile tests loading IP addresses and CIDR ranges from a file.
func TestLoadIPBlacklistFromFile(t *testing.T) {
// Create temp file
content := `192.168.1.1
# Comment line
10.0.0.0/24
172.16.1.1
invalid-ip
`
tmpfile, err := ioutil.TempFile("", "ipblacklist")
if err != nil {
t.Fatal(err)
}
defer os.Remove(tmpfile.Name())
if _, err := tmpfile.Write([]byte(content)); err != nil {
t.Fatal(err)
}
if err := tmpfile.Close(); err != nil {
t.Fatal(err)
}
// Test loading IP blacklist
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
ipBlacklist := make(map[string]struct{})
// Create a temporary file with IP entries
tmpFile, err := os.CreateTemp("", "ip_blacklist-*.txt")
err = bl.LoadIPBlacklistFromFile(tmpfile.Name(), ipBlacklist)
if err != nil {
t.Fatalf("Failed to create temporary file: %v", err)
t.Errorf("LoadIPBlacklistFromFile returned error: %v", err)
}
defer os.Remove(tmpFile.Name())
// Write test IP entries to the file
testEntries := []string{
"192.168.1.1",
"10.0.0.0/24",
"# This is a comment",
"", // Empty line
"invalid.ip.address",
// Verify entries
expected := map[string]struct{}{
"192.168.1.1": {},
"10.0.0.0/24": {},
"172.16.1.1": {},
}
for _, entry := range testEntries {
_, err := tmpFile.WriteString(entry + "\n")
if err != nil {
t.Fatalf("Failed to write to temporary file: %v", err)
for ip := range expected {
if _, exists := ipBlacklist[ip]; !exists {
t.Errorf("Expected IP/CIDR %s not found in blacklist", ip)
}
}
tmpFile.Close()
// Load the IP blacklist
ipBlacklist := make(map[string]struct{})
err = bl.LoadIPBlacklistFromFile(tmpFile.Name(), ipBlacklist)
assert.NoError(t, err)
// Validate the loaded entries
assert.Contains(t, ipBlacklist, "192.168.1.1")
assert.Contains(t, ipBlacklist, "10.0.0.0/24")
assert.NotContains(t, ipBlacklist, "# This is a comment")
assert.NotContains(t, ipBlacklist, "")
assert.NotContains(t, ipBlacklist, "invalid.ip.address")
}
// TestLoadIPBlacklistFromFile_InvalidFile tests loading from a non-existent file.
func TestLoadIPBlacklistFromFile_InvalidFile(t *testing.T) {
func TestExtractIP(t *testing.T) {
tests := []struct {
name string
input string
expected string
}{
{"IP with port", "192.168.1.1:8080", "192.168.1.1"},
{"IP only", "192.168.1.1", "192.168.1.1"},
{"IPv6 with port", "[2001:db8::1]:8080", "2001:db8::1"},
{"IPv6 only", "2001:db8::1", "2001:db8::1"},
}
logger := zap.NewNop()
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := extractIP(tt.input, logger)
if result != tt.expected {
t.Errorf("extractIP(%s) = %s; want %s", tt.input, result, tt.expected)
}
})
}
}
func TestAddIPEntry(t *testing.T) {
logger := zap.NewNop()
bl := NewBlacklistLoader(logger)
ipBlacklist := make(map[string]struct{})
err := bl.LoadIPBlacklistFromFile("nonexistent.txt", ipBlacklist)
assert.Error(t, err)
assert.Contains(t, err.Error(), "failed to open IP blacklist file") // Updated error message
}
// TestIsDNSBlacklisted tests checking if a host is blacklisted.
func TestIsDNSBlacklisted(t *testing.T) {
m := &Middleware{
dnsBlacklist: make(map[string]struct{}),
logger: zap.NewNop(),
tests := []struct {
input string
wantErr bool
expected bool
}{
{"192.168.1.1", false, true},
{"10.0.0.0/24", false, true},
{"2001:db8::1", false, true},
{"invalid-ip", true, false},
{"256.256.256.256", true, false},
}
// Add hosts to the blacklist
m.dnsBlacklist["example.com"] = struct{}{}
m.dnsBlacklist["malicious.domain"] = struct{}{}
for _, tt := range tests {
err := bl.addIPEntry(tt.input, ipBlacklist)
if (err != nil) != tt.wantErr {
t.Errorf("addIPEntry(%s) error = %v, wantErr %v", tt.input, err, tt.wantErr)
continue
}
// Test blacklisted hosts
assert.True(t, m.isDNSBlacklisted("example.com"))
assert.True(t, m.isDNSBlacklisted("MALICIOUS.DOMAIN")) // Case-insensitive check
// Test non-blacklisted hosts
assert.False(t, m.isDNSBlacklisted("google.com"))
assert.False(t, m.isDNSBlacklisted("")) // Empty host
}
// TestExtractIP tests extracting the IP address from a remote address string.
func TestExtractIP(t *testing.T) {
logger := zap.NewNop()
// Test valid remote address with port
remoteAddr := "192.168.1.1:8080"
ip := extractIP(remoteAddr, logger)
assert.Equal(t, "192.168.1.1", ip)
// Test invalid remote address (no port)
remoteAddr = "192.168.1.1"
ip = extractIP(remoteAddr, logger)
assert.Equal(t, "192.168.1.1", ip)
// Test invalid remote address (malformed)
remoteAddr = "invalid.address"
ip = extractIP(remoteAddr, logger)
assert.Equal(t, "invalid.address", ip)
}
func TestIsIPBlacklisted_MetricIncrement(t *testing.T) {
logger := zap.NewNop() // Or use a more verbose logger if needed
m := &Middleware{
logger: logger,
ipBlacklist: NewCIDRTrie(), // Initialize ipBlacklist
if _, exists := ipBlacklist[tt.input]; exists != tt.expected {
t.Errorf("addIPEntry(%s) added = %v, want %v", tt.input, exists, tt.expected)
}
}
m.ipBlacklist.Insert("192.168.1.1/32") // Blacklist a specific IP
initialCount := m.IPBlacklistBlockCount
isBlacklisted := m.isIPBlacklisted("192.168.1.1")
assert.True(t, isBlacklisted, "isIPBlacklisted should return true for blacklisted IP")
assert.Equal(t, initialCount+1, m.IPBlacklistBlockCount, "ipBlacklistBlockCount should be incremented")
isBlacklistedNonBlacklisted := m.isIPBlacklisted("192.168.2.2")
assert.False(t, isBlacklistedNonBlacklisted, "isIPBlacklisted should return false for non-blacklisted IP")
assert.Equal(t, initialCount+1, m.IPBlacklistBlockCount, "ipBlacklistBlockCount should NOT be incremented again for non-blacklisted IP in this test run")
}
func TestIsDNSBlacklisted_MetricIncrement(t *testing.T) {
logger := zap.NewNop()
m := &Middleware{
logger: logger,
dnsBlacklist: make(map[string]struct{}), // Initialize dnsBlacklist
}
m.dnsBlacklist["test.domain"] = struct{}{} // Add an entry to the blacklist
initialCount := m.DNSBlacklistBlockCount
isBlacklisted := m.isDNSBlacklisted("test.domain")
assert.True(t, isBlacklisted, "isDNSBlacklisted should return true for blacklisted domain")
assert.Equal(t, initialCount+1, m.DNSBlacklistBlockCount, "dnsBlacklistBlockCount should be incremented")
isNotBlacklisted := m.isDNSBlacklisted("good.domain")
assert.False(t, isNotBlacklisted, "isDNSBlacklisted should return false for non-blacklisted domain")
assert.Equal(t, initialCount+1, m.DNSBlacklistBlockCount, "dnsBlacklistBlockCount should NOT be incremented again for non-blacklisted domain in this test run")
}

332
log.json
View File

@@ -157,3 +157,335 @@
{"level":"DEBUG","ts":"2025/01/24 23:19:42.563","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/24 23:19:42.563","msg":"WAF request evaluation started","log_id":"29794d7f-7de8-4716-9d36-468a78f66324","method":"GET","uri":"/test","remote_address":"192.0.2.1:1234","user_agent":""}
{"level":"DEBUG","ts":"2025/01/24 23:19:42.564","msg":"Starting phase evaluation","phase":1,"source_ip":"192.0.2.1:1234","user_agent":""}
{"level":"INFO","ts":"2025/01/26 14:31:46.268","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:31:46.268","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:31:46.268","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:31:46.268","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.268","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation started","log_id":"4f344b6d-db3c-44a8-9b57-952d81043f8a","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Response body captured for Phase 4 analysis","log_id":"4f344b6d-db3c-44a8-9b57-952d81043f8a"}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation completed","log_id":"4f344b6d-db3c-44a8-9b57-952d81043f8a","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation started","log_id":"60e14c49-3f69-4af0-ac51-eb08a5d94251","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"10.0.0.5","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Response body captured for Phase 4 analysis","log_id":"60e14c49-3f69-4af0-ac51-eb08a5d94251"}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation completed","log_id":"60e14c49-3f69-4af0-ac51-eb08a5d94251","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation started","log_id":"a78461b2-6e22-43d5-8168-a416b1036db2","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Response body captured for Phase 4 analysis","log_id":"a78461b2-6e22-43d5-8168-a416b1036db2"}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation completed","log_id":"a78461b2-6e22-43d5-8168-a416b1036db2","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation started","log_id":"9c0cb1ef-4dd3-46a2-9e76-ba581961ef54","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"192.168.3.3","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Response body captured for Phase 4 analysis","log_id":"9c0cb1ef-4dd3-46a2-9e76-ba581961ef54"}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation completed","log_id":"9c0cb1ef-4dd3-46a2-9e76-ba581961ef54","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation started","log_id":"29563537-5554-4327-b21c-086b0d5446de","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Response body captured for Phase 4 analysis","log_id":"29563537-5554-4327-b21c-086b0d5446de"}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation completed","log_id":"29563537-5554-4327-b21c-086b0d5446de","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation started","log_id":"db2f375f-7977-48b6-9289-6604e054f465","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"","r.RemoteAddr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.269","msg":"Response body captured for Phase 4 analysis","log_id":"db2f375f-7977-48b6-9289-6604e054f465"}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"WAF request evaluation completed","log_id":"db2f375f-7977-48b6-9289-6604e054f465","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:31:46.269","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:31:46.270","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:31:46.270","msg":"Skipping file watch, file does not exist","file":"nonexistent.txt"}
{"level":"WARN","ts":"2025/01/26 14:31:46.270","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:31:46.270","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:31:46.270","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:32:06.259","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:32:06.260","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation started","log_id":"d41168ff-6ae1-46e4-a399-08eb82a1bece","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Response body captured for Phase 4 analysis","log_id":"d41168ff-6ae1-46e4-a399-08eb82a1bece"}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation completed","log_id":"d41168ff-6ae1-46e4-a399-08eb82a1bece","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation started","log_id":"87fb1733-d146-4369-bded-20dcfccc07e2","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"10.0.0.5","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Response body captured for Phase 4 analysis","log_id":"87fb1733-d146-4369-bded-20dcfccc07e2"}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation completed","log_id":"87fb1733-d146-4369-bded-20dcfccc07e2","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation started","log_id":"72cba0bc-3452-4189-a630-eb30be8241fd","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Response body captured for Phase 4 analysis","log_id":"72cba0bc-3452-4189-a630-eb30be8241fd"}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation completed","log_id":"72cba0bc-3452-4189-a630-eb30be8241fd","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation started","log_id":"55b89e93-f71e-4456-82cb-d91234f14a05","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"192.168.3.3","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Response body captured for Phase 4 analysis","log_id":"55b89e93-f71e-4456-82cb-d91234f14a05"}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation completed","log_id":"55b89e93-f71e-4456-82cb-d91234f14a05","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation started","log_id":"4011563a-9a95-4a4d-839d-dea0c28ca5d9","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Response body captured for Phase 4 analysis","log_id":"4011563a-9a95-4a4d-839d-dea0c28ca5d9"}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation completed","log_id":"4011563a-9a95-4a4d-839d-dea0c28ca5d9","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation started","log_id":"203dc7f9-beab-4f2a-b464-1c2e77037483","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"","r.RemoteAddr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.260","msg":"Response body captured for Phase 4 analysis","log_id":"203dc7f9-beab-4f2a-b464-1c2e77037483"}
{"level":"INFO","ts":"2025/01/26 14:32:06.260","msg":"WAF request evaluation completed","log_id":"203dc7f9-beab-4f2a-b464-1c2e77037483","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:32:06.261","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:32:06.261","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:32:06.261","msg":"Skipping file watch, file does not exist","file":"nonexistent.txt"}
{"level":"WARN","ts":"2025/01/26 14:32:06.261","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:32:06.261","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:32:06.261","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:33:19.745","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"WAF request evaluation started","log_id":"5e1a9e55-7a20-431f-a86a-aca35794136c","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Response body captured for Phase 4 analysis","log_id":"5e1a9e55-7a20-431f-a86a-aca35794136c"}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"WAF request evaluation completed","log_id":"5e1a9e55-7a20-431f-a86a-aca35794136c","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"WAF request evaluation started","log_id":"949b6990-5d52-4d63-ab5c-1dcdcdda6117","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"10.0.0.5","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.745","msg":"Response body captured for Phase 4 analysis","log_id":"949b6990-5d52-4d63-ab5c-1dcdcdda6117"}
{"level":"INFO","ts":"2025/01/26 14:33:19.745","msg":"WAF request evaluation completed","log_id":"949b6990-5d52-4d63-ab5c-1dcdcdda6117","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation started","log_id":"79085e25-a557-48d7-8f43-b199a1e7460e","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Response body captured for Phase 4 analysis","log_id":"79085e25-a557-48d7-8f43-b199a1e7460e"}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation completed","log_id":"79085e25-a557-48d7-8f43-b199a1e7460e","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation started","log_id":"0f9cca25-4023-4252-b414-e35363c3858b","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"192.168.3.3","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Response body captured for Phase 4 analysis","log_id":"0f9cca25-4023-4252-b414-e35363c3858b"}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation completed","log_id":"0f9cca25-4023-4252-b414-e35363c3858b","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation started","log_id":"4f0d0651-e7ab-4697-9711-044e92e90a8a","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Response body captured for Phase 4 analysis","log_id":"4f0d0651-e7ab-4697-9711-044e92e90a8a"}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation completed","log_id":"4f0d0651-e7ab-4697-9711-044e92e90a8a","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation started","log_id":"89fa8852-282c-40a6-b850-5624ca2a5e4e","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"","r.RemoteAddr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Response body captured for Phase 4 analysis","log_id":"89fa8852-282c-40a6-b850-5624ca2a5e4e"}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF request evaluation completed","log_id":"89fa8852-282c-40a6-b850-5624ca2a5e4e","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:33:19.746","msg":"Skipping file watch, file does not exist","file":"nonexistent.txt"}
{"level":"WARN","ts":"2025/01/26 14:33:19.746","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:33:19.746","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:33:19.746","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:33:42.453","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:33:42.453","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:33:42.454","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Parsing WAF configuration","file":"","line":0}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation started","log_id":"5776225c-0839-4b01-8929-139fe9b58b21","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Response body captured for Phase 4 analysis","log_id":"5776225c-0839-4b01-8929-139fe9b58b21"}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation completed","log_id":"5776225c-0839-4b01-8929-139fe9b58b21","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation started","log_id":"ba7927fc-62fb-469f-b6ba-89d2371f7f59","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"10.0.0.5","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Response body captured for Phase 4 analysis","log_id":"ba7927fc-62fb-469f-b6ba-89d2371f7f59"}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation completed","log_id":"ba7927fc-62fb-469f-b6ba-89d2371f7f59","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation started","log_id":"39c9d802-9a56-42b6-a5bd-992e0ee4edd5","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Response body captured for Phase 4 analysis","log_id":"39c9d802-9a56-42b6-a5bd-992e0ee4edd5"}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation completed","log_id":"39c9d802-9a56-42b6-a5bd-992e0ee4edd5","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation started","log_id":"7ac22bb4-e391-4653-8ecf-d4802af5dbe4","method":"GET","uri":"http://example.com","remote_address":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking for IP blacklisting","remote_addr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"192.168.3.3","r.RemoteAddr":"192.168.2.2:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.2.2:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Response body captured for Phase 4 analysis","log_id":"7ac22bb4-e391-4653-8ecf-d4802af5dbe4"}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation completed","log_id":"7ac22bb4-e391-4653-8ecf-d4802af5dbe4","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation started","log_id":"25b6f719-fcda-455f-a824-5db2e58018f2","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"X-Forwarded-For header not present using r.RemoteAddr"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.454","msg":"Response body captured for Phase 4 analysis","log_id":"25b6f719-fcda-455f-a824-5db2e58018f2"}
{"level":"INFO","ts":"2025/01/26 14:33:42.454","msg":"WAF request evaluation completed","log_id":"25b6f719-fcda-455f-a824-5db2e58018f2","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:42.455","msg":"WAF request evaluation started","log_id":"16125e85-ea87-4931-ba4a-6bd3ce910dcb","method":"GET","uri":"http://example.com","remote_address":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Starting phase evaluation","phase":1,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Checking for IP blacklisting","remote_addr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Checking IP blacklist with X-Forwarded-For","remote_addr_xff":"","r.RemoteAddr":"192.168.1.1:12345"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"DNS blacklist miss","host":"example.com"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"No rules found for phase","phase":1}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Starting phase evaluation","phase":2,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"No rules found for phase","phase":2}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Starting phase evaluation","phase":3,"source_ip":"192.168.1.1:12345","user_agent":""}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"No rules found for phase","phase":3}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Response body captured for Phase 4 analysis","log_id":"16125e85-ea87-4931-ba4a-6bd3ce910dcb"}
{"level":"INFO","ts":"2025/01/26 14:33:42.455","msg":"WAF request evaluation completed","log_id":"16125e85-ea87-4931-ba4a-6bd3ce910dcb","total_score":0,"blocked":false,"status_code":200}
{"level":"INFO","ts":"2025/01/26 14:33:42.455","msg":"Provisioning WAF middleware","log_level":"info","log_path":"log.json","log_json":false,"anomaly_threshold":0}
{"level":"INFO","ts":"2025/01/26 14:33:42.455","msg":"WAF middleware version","version":"unknown"}
{"level":"WARN","ts":"2025/01/26 14:33:42.455","msg":"Skipping file watch, file does not exist","file":"nonexistent.txt"}
{"level":"WARN","ts":"2025/01/26 14:33:42.455","msg":"Skipping file watch, file does not exist","file":""}
{"level":"INFO","ts":"2025/01/26 14:33:42.455","msg":"Rate limiting is disabled"}
{"level":"DEBUG","ts":"2025/01/26 14:33:42.455","msg":"Parsing WAF configuration","file":"","line":0}