internal/appsec: pass htpt.client_ip address to the WAF

DataDog · Oct 26, 2022 · a36fc28 · a36fc28
1 parent 6174747
commit a36fc28
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/internal/appsec/waf.go b/internal/appsec/waf.go
@@ -145,6 +145,11 @@ func newHTTPWAFEventListener(handle *waf.Handle, addresses []string, timeout tim
 					}
 				case serverResponseStatusAddr:
 					values[serverResponseStatusAddr] = res.Status
+
+				case httpClientIP:
+					if args.ClientIP.IsValid() {
+						values[httpClientIP] = args.ClientIP.String()
+					}
 				}
 			}
 			matches := runWAF(wafCtx, values, timeout)
@@ -281,6 +286,7 @@ const (
 	serverRequestPathParams           = "server.request.path_params"
 	serverRequestBody                 = "server.request.body"
 	serverResponseStatusAddr          = "server.response.status"
+	httpClientIP                      = "http.client_ip"
 )
 
 // List of HTTP rule addresses currently supported by the WAF
@@ -292,6 +298,7 @@ var httpAddresses = []string{
 	serverRequestPathParams,
 	serverRequestBody,
 	serverResponseStatusAddr,
+	httpClientIP,
 }
 
 // gRPC rule addresses currently supported by the WAF