Websocket on haproxy

Hi there. Can CrowdSec inspect websocket connections? I use HAProxy to handle ws connections and sometimes I need to write some scenario for malicious requests on websocket connections.

Could you provide some logs? Do they already match this parser? I'd be surprised if they are the same format.

I don’t believe it will since websockets is tcp not http mode.

The thing is, HAProxy initiates a tunnel for websocket connections and I only see HTTP 101 in the log. But it is possible to send malicious code through websockets, and HAProxy will not understand because a websocket connection doesn’t have a regular HTTP request/response. I wonder if you guys have any experience or solution for it.