port
: Which port to listen on for scans. For security purposes, Aardvark will only bind to localhost. Default is 1729.
proxy_url
: The backend service to proxy to if the request is sane.
ipheader
: The header to look for the client's IP in. Typically X-Forwarded-For.
spamurls
: Specific honey-pot URLs that trigger a block regardless of the action.
ignoreurls
: Specific URLs that are exempt from spam detection.
postmatches
: A list of keywords and/or regexes that, if matched, will block the request.
multimatch
: A combination blocker. If a required keyword or regex is matched, the request will be blocked only if one or more auxiliary keywords/regexes are also matched.

To enable as a pipservice, add the following minimal hiera yaml to your node config:
pipservice:
  aardvark-proxy:
    tag: main
Follow these steps to run manually (assuming you have pipenv installed):
git clone https://github.com/apache/infrastructure-aardvark-proxy.git aardvark-proxy
cd aardvark-proxy
pipenv install -r requirements.txt
pipenv run python3 aardvark.py
As Aardvark is a proxy middleman for specific purposes, you should preferably put a web server in front of it. The example below relays all POST requests for /foo/bar through Aardvark, while letting all GETs etc. go directly to the backend service.
Assuming Aardvark is listening on port 1729 and the real backend service is on port 8080:
# Send all POST requests through Aardvark
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteRule ^/(.*)$ http://localhost:1729/$1 [P]
# Rest goes to backend directly
ProxyPass / http://localhost:8080/foo/bar/
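
How the four blocking options from the configuration list (spamurls, ignoreurls, postmatches, multimatch) combine into one decision for a relayed POST, as an added Python sketch that is not Aardvark's own code. The rule layout, the check order, the sample patterns and the names `RULES`, `_hit` and `decide` are assumptions made for illustration.

```python
import re

# Constructed rule set. The key names follow the options described on this
# page; the nested required/auxiliary layout is an assumption.
RULES = {
    "spamurls": {"/wp-login.php"},
    "ignoreurls": {"/api/health"},
    "postmatches": [r"cheap\s+pills", r"casino"],
    "multimatch": [
        {"required": [r"https?://"], "auxiliary": [r"\bseo\b", r"backlinks?"]},
    ],
}


def _hit(patterns, text):
    """Return the first pattern that matches text (case-insensitive), else None."""
    for pattern in patterns:
        if re.search(pattern, text, re.IGNORECASE):
            return pattern
    return None


def decide(url, body, rules=RULES):
    """Return (blocked, reason) for one request. The check order is an assumption."""
    if url in rules["spamurls"]:
        return True, "spamurl"      # honey-pot URL: block whatever the body says
    if url in rules["ignoreurls"]:
        return False, "ignored"     # exempt from every content check
    if _hit(rules["postmatches"], body):
        return True, "postmatch"    # one keyword or regex is enough
    for combo in rules["multimatch"]:
        # A required hit alone never blocks; it needs an auxiliary hit as well.
        if _hit(combo["required"], body) and _hit(combo["auxiliary"], body):
            return True, "multimatch"
    return False, "clean"


if __name__ == "__main__":
    samples = [  # constructed requests
        ("/wp-login.php", "user=a"),
        ("/api/health", "casino"),
        ("/foo/bar", "see https://example.org/docs"),
        ("/foo/bar", "buy backlinks at https://example.org"),
    ]
    for url, body in samples:
        print(url, decide(url, body))
```

The third sample shows why multimatch is useful: a bare link is common in legitimate posts, so it only counts against the request when an auxiliary term appears alongside it.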