diff --git a/app.py b/app.py
index 23691de..acc9278 100644
--- a/app.py
+++ b/app.py
@@ -10,10 +10,19 @@ from log_parser import parse_log_file
 app = Flask(__name__)
 # Load basic auth credentials
-auth_config = configparser.ConfigParser()
-auth_config.read('/etc/haproxy-configurator/auth/auth.cfg')
-BASIC_AUTH_USERNAME = auth_config.get('auth', 'username')
-BASIC_AUTH_PASSWORD = auth_config.get('auth', 'password')
+try:
+ auth_config = configparser.ConfigParser()
+ auth_config.read(AUTH_CFG)
+ if auth_config.has_section('auth'):
+ BASIC_AUTH_USERNAME = auth_config.get('auth', 'username', fallback='admin')
+ BASIC_AUTH_PASSWORD = auth_config.get('auth', 'password', fallback='admin')
+ else:
+ BASIC_AUTH_USERNAME = "admin"
+ BASIC_AUTH_PASSWORD = "admin"
+except Exception as e:
+ print(f"[APP] Auth config error: {e}, using defaults", flush=True)
+ BASIC_AUTH_USERNAME = "admin"
+ BASIC_AUTH_PASSWORD = "admin"
 # Register blueprints
 app.register_blueprint(main_bp)
diff --git a/utils/haproxy_config.py b/utils/haproxy_config.py
index 10afd2f..0120ccc 100644
--- a/utils/haproxy_config.py
+++ b/utils/haproxy_config.py
@@ -53,7 +53,7 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
 haproxy_cfg.write(f" acl is_sql_injection urlp_reg -i (union|select|insert|update|delete|drop|@@|1=1|`1)\n")
 haproxy_cfg.write(f" acl is_long_uri path_len gt 400\n")
 haproxy_cfg.write(f" acl semicolon_path path_reg -i ^.*;.*\n")
- haproxy_cfg.write(f" acl is_sql_injection2 urlp_reg -i (;|substring|extract|union\s+all|order\s+by)\s+(\d+|--\+)\n")
+ haproxy_cfg.write(r" acl is_sql_injection2 urlp_reg -i (;|substring|extract|union\s+all|order\s+by)\s+(\d+|--\+)" + "\n")
 haproxy_cfg.write(f" http-request deny if is_sql_injection or is_long_uri or semicolon_path or is_sql_injection2\n")
 if is_xss:
 haproxy_cfg.write(f" acl is_xss_attack urlp_reg -i (<|>|script|alert|onerror|onload|javascript)\n")
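Review bot: In the app.py hunk every failure path ends with the well-known pair admin/admin, so a missing or unreadable auth file leaves what is presumably the app's basic-auth check guarded only by default credentials. `ConfigParser.read()` does not raise for a missing file, so that case takes the `else:` branch without even the log line printed in the `except` block. Fail closed instead: `if not auth_config.read(AUTH_CFG) or not auth_config.has_section('auth'): raise SystemExit(f"[APP] auth config missing or incomplete: {AUTH_CFG}")`, and drop the `fallback='admin'` arguments so a missing key is an error as well. `AUTH_CFG` is defined outside the hunk.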
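Review bot: In the utils/haproxy_config.py hunk the switch from an f-string to a raw string carries no comment, and the neighbouring writes still use `f"…\n"`, so a later cleanup could easily revert it. Add `# raw string: \s, \d and \+ must reach haproxy.cfg unchanged` above the new line. The ACL itself only matches the listed keywords when they are followed by whitespace and digits or `--+`, so treat it as a coarse filter that sits alongside parameterized queries in the backends, not as a replacement for them. update_haproxy_config starts and ends outside the hunk.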