diff --git a/app/(dashboard)/proxy-hosts/actions.ts b/app/(dashboard)/proxy-hosts/actions.ts index 3f8b05b7..88592c09 100644 --- a/app/(dashboard)/proxy-hosts/actions.ts +++ b/app/(dashboard)/proxy-hosts/actions.ts @@ -392,7 +392,7 @@ function parseWafConfig(formData: FormData): { waf?: WafHostConfig | null } { const wafMode: WafHostConfig["waf_mode"] = rawMode === "override" ? "override" : "merge"; const rawEngineMode = formData.get("waf_engine_mode"); const engineMode: WafHostConfig["mode"] = - rawEngineMode === "On" ? "On" : rawEngineMode === "Off" ? "Off" : "DetectionOnly"; + rawEngineMode === "On" ? "On" : rawEngineMode === "Off" ? "Off" : rawEngineMode === "DetectionOnly" ? "DetectionOnly" : undefined; const loadCrs = parseCheckbox(formData.get("waf_load_owasp_crs")); const customDirectives = typeof formData.get("waf_custom_directives") === "string" ? (formData.get("waf_custom_directives") as string).trim() diff --git a/app/(dashboard)/settings/actions.ts b/app/(dashboard)/settings/actions.ts index 12314283..c5f77500 100644 --- a/app/(dashboard)/settings/actions.ts +++ b/app/(dashboard)/settings/actions.ts @@ -678,9 +678,9 @@ export async function suppressWafRuleForHostAction(ruleId: number, hostname: str if (!host) { return { success: false, message: `No proxy host found for ${hostname}.` }; } - const existingWaf = host.waf ?? {}; + const existingWaf = host.waf ?? { enabled: true, waf_mode: 'merge' as const }; const ids = [...new Set([...(existingWaf.excluded_rule_ids ?? []), ruleId])]; - await updateProxyHost(host.id, { waf: { ...existingWaf, enabled: existingWaf.enabled ?? false, excluded_rule_ids: ids } }, userId); + await updateProxyHost(host.id, { waf: { ...existingWaf, enabled: true, waf_mode: existingWaf.waf_mode ?? 'merge', excluded_rule_ids: ids } }, userId); revalidatePath("/proxy-hosts"); revalidatePath("/waf-events"); return { success: true, message: `Rule ${ruleId} suppressed for ${hostname}.` }; diff --git a/src/components/proxy-hosts/WafFields.tsx b/src/components/proxy-hosts/WafFields.tsx index bc4b9d7a..773ab8cf 100644 --- a/src/components/proxy-hosts/WafFields.tsx +++ b/src/components/proxy-hosts/WafFields.tsx @@ -20,7 +20,7 @@ import { type WafHostConfig } from "@/src/lib/models/proxy-hosts"; import { WafRuleExclusions } from "./WafRuleExclusions"; type WafMode = "merge" | "override"; -type EngineMode = "Off" | "DetectionOnly" | "On"; +type EngineMode = "Off" | "DetectionOnly" | "On" | "inherit"; const QUICK_TEMPLATES = [ { label: "Allow IP", snippet: `SecRule REMOTE_ADDR "@ipMatch 1.2.3.4" "id:9000,phase:1,allow,nolog,msg:'Allow IP'"` }, @@ -37,7 +37,7 @@ type Props = { export function WafFields({ value, showModeSelector = true }: Props) { const [enabled, setEnabled] = useState(value?.enabled ?? false); const [wafMode, setWafMode] = useState(value?.waf_mode ?? "merge"); - const [engineMode, setEngineMode] = useState(value?.mode ?? "DetectionOnly"); + const [engineMode, setEngineMode] = useState(value?.mode ?? "inherit"); const [loadCrs, setLoadCrs] = useState(value?.load_owasp_crs ?? true); const [customDirectives, setCustomDirectives] = useState(value?.custom_directives ?? ""); const [showTemplates, setShowTemplates] = useState(false); @@ -154,7 +154,7 @@ export function WafFields({ value, showModeSelector = true }: Props) { Engine Mode - {(["Off", "DetectionOnly", "On"] as EngineMode[]).map((v) => ( + {(["inherit", "Off", "DetectionOnly", "On"] as EngineMode[]).map((v) => ( setEngineMode(v)} @@ -187,7 +187,7 @@ export function WafFields({ value, showModeSelector = true }: Props) { color={engineMode === v ? "error.main" : "text.secondary"} sx={{ transition: "all 0.15s ease", fontSize: "0.8rem" }} > - {v === "DetectionOnly" ? "Detect only" : v} + {v === "DetectionOnly" ? "Detect only" : v === "inherit" ? "Global default" : v} ))}