hi there. Can crowdsec inspect websocket connections? I use haproxy to handle ws connections and sometimes and I need to write some scenario for malicious requests on websocket connections.
If you can provide some logs? if they already match this parser? I be surprised if they are same fomat
I don’t believe it will since websockets is tcp not http mode.
the thing is haproxy initiates a tunnel for websocket connections and I only see http 101 in the log. but it is possible to send malicious code through websockets and haproxy will not understand because websocket connection doesn’t have a regular http request/response. I wonder if you guys have any experience or solution for it.