Source URL: https://github.com/Veinar/dracan
Source: Hacker News
Title: Show HN: Dracan – Open-source, 1:1 proxy with simple filtering/validation config
**Summary:**
The text discusses Dracan, a middleware security solution designed to enhance request filtering and validation within Kubernetes environments. Its main features include HTTP method filtering, JSON validation, request limiting, and payload validation, making it particularly relevant for security and compliance professionals focused on cloud and infrastructure security.
**Detailed Description:**
Dracan serves as a specialized middleware designed to enhance the security and integrity of applications operating within Kubernetes environments by acting as a gatekeeper to incoming requests. Here are the major points:
- **HTTP Method Filtering:** Ensures that only designated HTTP methods (e.g., GET, POST) can access applications, preventing unwanted interactions.
- **JSON Validation:** Validates incoming JSON data against predefined schemas, mitigating risks associated with malformed data that could affect application functionality.
- **Request Limiting:** Allows setting maximum thresholds for incoming requests, assisting in performance management and preventing overloads.
- **Payload Limitation:** Controls the size of incoming request payloads, which can prevent large requests from degrading application performance.
- **URI Filtering:** Offers two levels of URI control: exact URI matches and regular expression pattern matching, which adds security by ensuring that only valid requests are processed.
- **Header Validation:**
  - Validates incoming HTTP headers to ensure they meet defined criteria.
  - Allows for both required and prohibited headers, enhancing request control and application security.
- **Integration Steps:**
  - **Deployment:** Dracan is deployed in a Kubernetes cluster and replaces the default application entry point in the Ingress controller.
  - **Configuration Files:**
    - **proxy_config.json** specifies the destination services for traffic routing.
    - **rules_config.json** outlines the rules for request validation, filtering, and limits.
- **Health Check Feature:** Dracan includes built-in health checks and metrics monitoring for performance evaluation, which can be integrated with systems like Prometheus.
- **User Contributions:** The project welcomes community involvement through bug reports, code contributions, and documentation improvements, promoting collaboration within the open-source framework.
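
The per-request checks listed above (method allow-list, exact and regex URI matching, required and prohibited headers, payload size, JSON shape) sketched as an added example. This is not Dracan's code: the rule key names, the `check_request` function and the sample requests are hypothetical and do not reflect the `rules_config.json` schema.

```python
import json
import re

# Hypothetical rules for illustration; key names are NOT Dracan's rules_config.json schema.
RULES = {
    "allowed_methods": {"GET", "POST"},
    "allowed_uris": {"/health"},                      # exact matches
    "allowed_uri_patterns": [r"/api/v1/items/\d+"],   # regex matches
    "required_headers": {"host"},
    "prohibited_headers": {"x-forwarded-host"},
    "max_payload_bytes": 1024,
    "json_fields": {"name": str},  # simplified stand-in for a JSON schema
}

def check_request(method, uri, headers, body=b"", rules=RULES):
    """Return (status, reason); 200 means the request may be forwarded upstream."""
    if method.upper() not in rules["allowed_methods"]:
        return 405, "method not allowed"
    path = uri.split("?", 1)[0]
    # fullmatch anchors both ends, so "/api/v1/items/1/../../admin" is rejected;
    # re.match or re.search with the same pattern would accept it.
    if path not in rules["allowed_uris"] and not any(
        re.fullmatch(p, path) for p in rules["allowed_uri_patterns"]
    ):
        return 403, "uri not allowed"
    names = {h.lower() for h in headers}  # header names are case-insensitive
    if rules["required_headers"] - names:
        return 400, "required header missing"
    if rules["prohibited_headers"] & names:
        return 400, "prohibited header present"
    if len(body) > rules["max_payload_bytes"]:
        return 413, "payload too large"
    if body:
        try:
            doc = json.loads(body)
        except ValueError:  # covers JSONDecodeError and bad UTF-8
            return 400, "malformed JSON"
        fields = rules["json_fields"]
        if not isinstance(doc, dict) or not all(
            isinstance(doc.get(k), t) for k, t in fields.items()
        ):
            return 400, "JSON does not match schema"
    return 200, "ok"

if __name__ == "__main__":
    # Constructed sample requests
    print(check_request("POST", "/api/v1/items/42", {"Host": "app"}, b'{"name": "x"}'))
    print(check_request("GET", "/api/v1/items/1/../../admin", {"Host": "app"}))
```

The checks run cheapest first, so a disallowed method or URI is rejected before any body is parsed.
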
In summary, Dracan is positioned as a robust middleware security solution tailored for small to mid-sized development teams, enabling them to implement comprehensive security measures effortlessly without requiring extensive DevOps expertise. Its modular design allows for quick customization of security needs, making it a valuable tool in maintaining the integrity of applications hosted on cloud infrastructures.