gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(haproxy): Auto-sync mitmproxy routes on vhost add/remove

Browse Source 
- Add automatic mitmproxy route sync after vhost operations
- Route through WAF by default: sets original_backend for route resolution
- Add --nowaf option to bypass WAF routing if needed
- Prevents missing routes when creating new vhosts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-03-11 16:22:46 +01:00
parent fbd0abd716
commit 7cbd64061f
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
View File

@ -1788,6 +1788,7 @@ cmd_vhost_add() {
local domain="$1" local domain="$1"
local backend="$2" local backend="$2"
local nowaf="$3"
[ -z "$domain" ] && { log_error "Domain required"; return 1; } [ -z "$domain" ] && { log_error "Domain required"; return 1; }
[ -z "$backend" ] && backend="fallback" [ -z "$backend" ] && backend="fallback"
@ -1796,7 +1797,17 @@ cmd_vhost_add() {
uci set haproxy.$section=vhost uci set haproxy.$section=vhost
uci set haproxy.$section.domain="$domain" uci set haproxy.$section.domain="$domain"
# Route through WAF (mitmproxy_inspector) by default unless --nowaf specified
# Store original backend for mitmproxy route resolution
if [ "$nowaf" != "--nowaf" ] && [ "$backend" != "mitmproxy_inspector" ] && [ "$backend" != "fallback" ]; then
uci set haproxy.$section.backend="mitmproxy_inspector"
uci set haproxy.$section.original_backend="$backend"
log_info "WAF protection enabled: $domain -> mitmproxy_inspector -> $backend"
else
uci set haproxy.$section.backend="$backend" uci set haproxy.$section.backend="$backend"
fi
uci set haproxy.$section.ssl="1" uci set haproxy.$section.ssl="1"
uci set haproxy.$section.ssl_redirect="1" uci set haproxy.$section.ssl_redirect="1"
uci set haproxy.$section.acme="1" uci set haproxy.$section.acme="1"
@ -1805,6 +1816,12 @@ cmd_vhost_add() {
log_info "Virtual host added: $domain -> $backend" log_info "Virtual host added: $domain -> $backend"
# Auto-sync mitmproxy routes to ensure WAF routing works
if [ -x /usr/sbin/mitmproxyctl ]; then
log_info "Syncing mitmproxy routes..."
/usr/sbin/mitmproxyctl sync-routes >/dev/null 2>&1 &
fi
# Regenerate GK2 Hub landing page if generator exists # Regenerate GK2 Hub landing page if generator exists
[ -x /usr/bin/gk2hub-generate ] && /usr/bin/gk2hub-generate >/dev/null 2>&1 & [ -x /usr/bin/gk2hub-generate ] && /usr/bin/gk2hub-generate >/dev/null 2>&1 &
} }
@ -1821,6 +1838,12 @@ cmd_vhost_remove() {
log_info "Virtual host removed: $domain" log_info "Virtual host removed: $domain"
# Auto-sync mitmproxy routes to clean up orphaned routes
if [ -x /usr/sbin/mitmproxyctl ]; then
log_info "Syncing mitmproxy routes..."
/usr/sbin/mitmproxyctl sync-routes >/dev/null 2>&1 &
fi
# Regenerate GK2 Hub landing page if generator exists # Regenerate GK2 Hub landing page if generator exists
[ -x /usr/bin/gk2hub-generate ] && /usr/bin/gk2hub-generate >/dev/null 2>&1 & [ -x /usr/bin/gk2hub-generate ] && /usr/bin/gk2hub-generate >/dev/null 2>&1 &
} }