[FEATURE] AppSec Integration

[LaurenceJJones]

Is your feature request related to a problem? Please describe. 🐛
Hey Team 👋🏻 We at CrowdSec have been working on a WAF component called AppSec, and whilst the component is within our preview stage, we would like to reach out to other web server bouncers to ask about a potential integration. (We would be willing to do the pull requests itself)

Describe the solution you'd like ✨
The first thing is to ask would you be interested in having this within this plugin? or would you like this plugin to solely handle just the IP checks?

Additional context
Nothing else to add other than thank you for supporting our community with your plugin!

[mathieuHa]

Hi @LaurenceJJones,

We've followed a bit this new feature from appsec, and we would very much like to support it in this plugin.

To be certain we understand:
Before Crowdsec only looked at logs to make decisions and ban IPs.

Now with Appsec integration, it will be able to act based on request before they arrive at the destination and block them.
I read that it is possible to support modsecurity rules and could act as a modsecurity replacement.

Is that correct ?
Also, is it still possible to combine both modes (decision / appsec) ?

Do you know what is the impact in latency of all requests going through appsec engine before destination, for instance with OWASP ModSecurity Core Rule Set ?

[mathieuHa]

Hi @LaurenceJJones,

We've implemented support for Appsec, added some documentation and released a rc to test further.
In a few days, if everything works well we will release a definitive version.

Please feel free to comment on the implementation or if you find any bugs.
Thanks @maxlerebourg