GeneralCodeStructure
Upon start, cloud active defense will perform two types of operations:
Every second, Envoy will send a GET /CHANGE/ME request to configmanager. Configmanager expects a path in the form /namespace/application and will return cad-namespace-application.json or, if not found, cad-default.json.
This means that the default config file will always be returned.
If the config is different from what was last read, Envoy will load the new config and print on the console 'read new config'.
Every time a request is received, Envoy will call several events, in this order. The standard flow is highlighted in bold:
1- onHttpRequestHeaders:
  - saves some details (url path, cookies) in the global context
  - verifies 'inRequest' detect rules for http request header decoys (headers, url, getParams)
  - injects 'inRequest' header decoys
2- onHttpRequestBody (if exists):
  - verifies 'inRequest' detect rules for http request body decoys (postParams, payload)
  - injects 'inRequest' body decoys
3- onHttpResponseHeaders:
  - uses global context to verify 'inResponse' detect rules for http response headers
  - uses global context to inject 'inResponse' header decoys
4- onHttpResponseBody (if exists):
  - uses global context to verify 'inResponse' detect rules for http response body
  - uses global context to inject 'inResponse' body decoys
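The config lookup and one-second polling described above can be sketched as follows. This is an added example, not the project's own code: the function names, the in-memory store, the segment allow-list and the sample file contents are all assumptions made for illustration.

```javascript
// Added example. Sample file names and contents below are constructed.
const DEFAULT_CONFIG = "cad-default.json";

// Constructed stand-in for the files configmanager can serve.
const configStore = new Map([
  [DEFAULT_CONFIG, '{"sample":"default"}'],
  ["cad-shop-frontend.json", '{"sample":"shop-frontend-v1"}'],
]);

// Assumption: each path segment is restricted to this allow-list, so a
// segment can never carry "/", "." or other path syntax into the file name.
const SEGMENT = /^[A-Za-z0-9_-]+$/;

// Map "/namespace/application" to "cad-namespace-application.json".
// Anything malformed or unknown resolves to the default config.
function resolveConfigName(path) {
  const parts = path.split("/");
  if (parts.length !== 3 || parts[0] !== "") return DEFAULT_CONFIG;
  const [, namespace, application] = parts;
  if (!SEGMENT.test(namespace) || !SEGMENT.test(application)) return DEFAULT_CONFIG;
  const name = `cad-${namespace}-${application}.json`;
  return configStore.has(name) ? name : DEFAULT_CONFIG;
}

// Proxy-side polling: report a change only when the returned config body
// differs from the one read last time.
function makePoller(path) {
  let lastBody = null;
  return function poll() {
    const body = configStore.get(resolveConfigName(path));
    if (body === lastBody) return false;
    lastBody = body;
    return true; // the caller would load the config and log 'read new config'
  };
}
```

Calling the function returned by makePoller once per second reproduces the behaviour described above: the first read and any later change return true, and identical reads return false.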