Load the Attachment in Proxy Configuration

open-appsec Agents receive the HTTP data from open-appsec Attachments integrating with the Proxy server. This allows the Agents to inspect traffic, once inspection is done, the resulting decision (e.g. to allow traffic or to block it) is returned back to the Attachment for the actual enforcement. When you are providing your own proxy configuration it is therefor critical to make sure that it contains the relevant settings for the proxy to load the attachment.

How do I get the attachment for my proxy?

Linux embedded deployments

The attachment module is automatically downloaded specifically matching your proxy type and version and operating system when you run the open-appsec-install tool to install open-appsec.

Here you find lists of all supported/pre-compiled attachments per supported OS versions for each available integration: NGINX, Kong, APISIX

Docker and Kubernetes deployments

We provide "enhanced" versions of the containers for all supported proxies that open-appsec can integrate with. These containers already include the open-appsec attachment.

Compiling the attachment yourself

You can also compile the attachment yourself, this allows you to deploy on currently unsupported versions of the supported proxies or on unsupported operating systems. You can also build your own customized proxy containers. Source code and instructions are available here:

How to load the open-appsec attachment in the proxy configuration

Please follow the instructions provided below for your specific deployment type explaining what needs to be included in your local proxy configuration in order to load the open-appsec attachment module.

In the NGINX configuration file nginx.conf make sure to have the open-appsec attachment loaded as an NGINX module.

The open-appsec attachment module is usually located in this path: /usr/lib/nginx/modules/

Make sure the following line exists as the first line in the nginx.conf file in order to load the open-appsec attachment module:

load_module /usr/lib/nginx/modules/ngx_cp_attachment_module.so;

Last updated

Was this helpful?