Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/tilsor/ModSecIntl_wace_lib/llms.txt

Use this file to discover all available pages before exploring further.

WACElib is configured through a ConfigFileData struct defined in the configstore package. In practice you populate this struct by unmarshalling a YAML file, then pass it to Init alongside an OpenTelemetry meter. Init validates the configuration, initialises the logger, and loads all declared plugins before the library begins processing transactions.

Top-level configuration structure

logpath: "/var/log/wace/wace.log"
loglevel: "INFO"
natsurl: "localhost:4222"
modelplugins:
  - ...
decisionplugins:
  - ...
logpath
string
required
Filesystem path for the WACElib log file. The directory must be writable; WACElib will attempt to create the file if it does not already exist. An empty value causes Init to return an error.
loglevel
string
required
Minimum severity level for log output. Must be one of:
ValueMeaning
DEBUGVerbose output including per-transaction tracing
INFOInformational messages about plugin loading and transaction outcomes
WARNNon-fatal issues such as a plugin failing to load
ERRORErrors that prevent correct operation
Values are case-insensitive. An unrecognised value causes Init to return an error.
natsurl
string
default:"localhost:4222"
Connection URL for the NATS messaging server. Required when any model plugin is configured with remote: true or mode: async. Defaults to localhost:4222 if omitted.
modelplugins
object[]
List of model plugin configurations. Each entry describes one compiled .so plugin that analyses a portion of an HTTP transaction. See Model plugin configuration for the full field reference.
decisionplugins
object[]
List of decision plugin configurations. Each entry describes one compiled .so plugin that receives aggregated model results and WAF signals and returns a block/allow decision. See Decision plugin configuration for the full field reference.

Complete example

The following YAML is representative of a production configuration that runs two model plugins synchronously in the same process and one decision plugin. 
---
logpath: "/var/log/wace/wace.log"
loglevel: "INFO"
modelplugins:
  - id: "trivial"
    path: "/opt/wace/plugins/model/trivial.so"
    weight: 1
    params:
      d: "sds"
      b: "dnid"
      e: "dofnno"
    plugintype: "Everything"
  - id: "trivial2"
    path: "/opt/wace/plugins/model/trivial2.so"
    weight: 2
    params:
      a: "sdsds"
      b: "sdfjdnid"
      c: "kfoskdofnno"
    plugintype: "Everything"
decisionplugins:
  - id: "simple"
    path: "/opt/wace/plugins/decision/simple.so"
    wafweight: 0.5
    decisionbalance: 0.5

Loading configuration in Go

Pass a populated ConfigFileData value directly to Init. The typical pattern is to unmarshal a YAML file first: 
import (
    "os"

    "github.com/tilsor/ModSecIntl_wace_lib/configstore"
    wace "github.com/tilsor/ModSecIntl_wace_lib"
    "go.opentelemetry.io/otel/metric"
    "gopkg.in/yaml.v3"
)

func startWACE(meter metric.Meter, configPath string) error {
    data, err := os.ReadFile(configPath)
    if err != nil {
        return err
    }

    var cfg configstore.ConfigFileData
    if err := yaml.Unmarshal(data, &cfg); err != nil {
        return err
    }

    return wace.Init(meter, cfg)
}
Init creates a singleton ConfigStore. Calling Init a second time without first calling configstore.Clean() returns an error. In tests, call defer configstore.Clean() after each Init to reset state.

Next steps

Model plugin configuration

Field reference for every model plugin option, including plugintype, mode, and remote execution.

Decision plugin configuration

Field reference for decision plugins and how they receive WAF signals and model results.

Build docs developers (and LLMs) love

Get started for freeTalk to us