gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Update WIP.md with WAF architecture configuration

Browse Source 
- WAF enabled for Streamlit/MetaBlogizer
- WAF bypass for infrastructure services
- 38 path ACLs with waf_bypass

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-02-14 11:59:28 +01:00
parent 98fb91a0ce
commit ba2f459151
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.claude/WIP.md
View File

@ -1,6 +1,6 @@
# Work In Progress (Claude)
_Last updated: 2026-02-14 (C3BOX 70 services verified)_
_Last updated: 2026-02-14 (WAF architecture configured)_
> **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches
@ -64,6 +64,13 @@ _Last updated: 2026-02-14 (C3BOX 70 services verified)_
### Just Completed (2026-02-14)
- **WAF Architecture Configuration** — DONE (2026-02-14)
- WAF (mitmproxy) enabled for Streamlit apps and MetaBlogizer sites
- WAF bypass for infrastructure: Jellyfin, Mail, Glances, GoToSocial, Webmail
- Path ACLs (`/gk2/*`) bypass WAF - mitmproxy routes by host only
- 38 path ACLs configured with `waf_bypass=1`
- Architecture: HAProxy → mitmproxy (WAF) → Backend (filtered) or HAProxy → Backend (bypass)
- **C3BOX SDLC Full Service Verification** — DONE (2026-02-14)
- Verified all 70 services across 12 zones on C3BOX dashboard
- Zones: *.cybermind.fr (2), *.cybermood.eu (2), *.ganimed.fr (2), *.maegia.tv (19), *.secubox.in (29), *.sb.local (4), *.secubox.local (2)