Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE] Configuration registry for common Applications #1700

Open
1 task done
aurelienizl opened this issue Nov 12, 2024 · 3 comments
Open
1 task done

[FEATURE] Configuration registry for common Applications #1700

aurelienizl opened this issue Nov 12, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@aurelienizl
Copy link

What's needed and why?

BunkerWeb Development Team,

I have been using BunkerWeb to secure several industrial services, such as web servers, virtualization interfaces (Proxmox, oVirt), git services, and media management platforms. While BunkerWeb has proven effective, configuring each service requires significant effort, particularly when handling Coraza and ModSecurity, as well as anti-bot mechanisms.

For example:

Coraza and ModSecurity often block common Git operations over HTTP.
Request limits are frequently triggered when using media managers, resulting in temporary bans.
Anti-bot verification sometimes causes issues with common smartphone apps, which are redirected for client verification.

To streamline this setup process, it would be highly beneficial to have a database of predefined configuration templates for popular services. These templates could be accessible directly from the web interface or via the configuration file, allowing users to load optimized settings for specific services easily.

A possible implementation could look like this:

myurireverseproxied_TEMPLATE_SET=bunkerity.database.app.proxmox

This feature would significantly reduce setup time, allowing users to deploy best-practice configurations tailored to each service. It would also make BunkerWeb more accessible to non-technical users, enhancing community involvement in this open-source project.

Thank you for considering this feature request.

Implementations ideas (optional)

For implementing a registry of common application settings in BunkerWeb, here are a few ideas:

Template Registry: Create a centralized registry file or database that stores predefined templates for commonly used services (e.g., Git, Proxmox, media management, etc.). Each template would include settings for Coraza, ModSecurity, anti-bot rules, request limits, and other relevant configurations.

Template Selection in Configuration: Add an option in the BunkerWeb configuration file to specify a template for each proxied service. For example:

myurireverseproxied_TEMPLATE_SET=bunkerity.registry.app.proxmox

BunkerWeb would then automatically apply the corresponding settings from the registry.

Web Interface for Template Management: Integrate a user-friendly interface in the BunkerWeb web UI for selecting and applying these templates. Users could browse available templates, apply them to services, and even make small adjustments as needed. This would reduce setup complexity, especially for less technical users.

Template API: Provide an API endpoint that allows querying, adding, and updating templates, enabling more flexible integration. This would be useful for automated deployments and for keeping the registry up-to-date with the latest configurations for supported services.

Template Versioning and Updates: Include versioning for each template, allowing users to update their configurations easily when new best practices or security settings are introduced.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@aurelienizl aurelienizl added the enhancement New feature or request label Nov 12, 2024
@TheophileDiot
Copy link
Member

Hi @aurelienizl, thank you for opening this feature request. Wouldn't this be solved by the new templating system that will be installed in the next major ?
Here's some information related: https://docs.bunkerweb.io/1.6.0-beta/concepts/#templates

@aurelienizl
Copy link
Author

Hi @TheophileDiot,
The new template feature is interesting, but a registry containing all template configurations with versioning would provide greater flexibility. It would enable users to configure the WAF based on the version of the reverse-proxied application, ensuring compatibility with specific requirements. A centralized registry also simplifies updates, rollbacks, and automation through APIs for larger deployments. Additionally, service-specific templates in the registry would better address unique needs like Git operations or media requests, enhancing usability and security. This approach ensures both flexibility and consistency for diverse use cases.

@TheophileDiot
Copy link
Member

Hi @aurelienizl, I see. We'll have a look at it and let you know what decision we make. 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aurelienizl @TheophileDiot