
Understanding the CRS WAF Flow

Okay! I have drawn the CRS WAF + ModSecurity flow as an ASCII diagram so it is easy to read in a terminal or a plain-text document. The diagram focuses on paranoia level → scoring → blocking:

                   +----------------------+
                   |  Incoming Request    |
                   +----------------------+
                              |
                              v
               +-------------------------------+
               | ModSecurity Core Processing   |
               +-------------------------------+
                              |
        +---------------------+---------------------+
        |                                           |
        v                                           v
+----------------------+                   +----------------------+
| Protocol Checks      |                   | Header Checks        |
| (HTTP, Methods, etc) |                   | (User-Agent, Cookies)|
+----------------------+                   +----------------------+
        |                                           |
        v                                           v
+----------------------+                   +----------------------+
| Argument Checks      |                   | File Upload Checks   |
| (tx.max_num_args,    |                   | (Extensions, Size)   |
|  tx.arg_length)      |                   +----------------------+
+----------------------+                            |
        |                                           |
        +--------------------+----------------------+
                             |
                             v
                 +--------------------------+
                 | Apply CRS Rules          |
                 | (Request/Response)       |
                 +--------------------------+
                             |
                             v
                 +--------------------------+
                 | Calculate Anomaly Score  |
                 | (per matched rule)       |
                 +--------------------------+
                             |
                             v
                 +--------------------------+
                 | Check Paranoia Level     |
                 | tx.paranoia_level        |
                 +--------------------------+
                             |
                             v
                 +--------------------------+
                 | Compare Score Threshold  |
                 | inbound_anomaly_score    |
                 | outbound_anomaly_score   |
                 +--------------------------+
                             |
        +--------------------+--------------------+
        |                                         |
        v                                         v
+----------------------+                   +----------------------+
| Score < Threshold    |                   | Score >= Threshold   |
|  → Allow Request     |                   |  → Block Request     |
+----------------------+                   +----------------------+

Explanation:

  1. The paranoia level (tx.paranoia_level) decides which rules are executed:

    • Low level → only the safe (low false-positive) rules

    • High level → all rules, including the aggressive ones

  2. Anomaly scoring:

    • Every rule that matches adds to the running score.

    • The request is blocked only when the total score ≥ the threshold (tx.inbound_anomaly_score_threshold).

  3. Rule layering:

    • Protocol → Header → Argument → File upload → CRS rules → Anomaly scoring

  4. Outbound rules:

    • Same process as above, but applied to the response, looking for data leakage or sensitive information.
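The paranoia-level gating (item 1), the cumulative scoring and threshold check (item 2) and the outbound pass (item 4) as an added, runnable Python model. This is example code, not CRS or ModSecurity code: the rule ids, regex patterns and sample transactions are constructed for the demo, while the per-severity scores (CRITICAL 5, ERROR 4, WARNING 3, NOTICE 2) and the default thresholds (inbound 5, outbound 4) are the CRS defaults.

```python
"""Toy model of the CRS flow in the diagram: paranoia level -> anomaly
scoring -> threshold check, for both the inbound (request) and outbound
(response) direction.

Added example, not code from CRS or ModSecurity.  Rule ids, regex patterns
and sample transactions are constructed; the severity scores and the
default thresholds are the CRS defaults.
"""
import re
from dataclasses import dataclass, field

# CRS adds a fixed score per matched rule, depending on the rule's severity.
SEVERITY_SCORE = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}

# CRS defaults for tx.inbound_anomaly_score_threshold / tx.outbound_anomaly_score_threshold
INBOUND_THRESHOLD = 5
OUTBOUND_THRESHOLD = 4


@dataclass(frozen=True)
class Rule:
    rule_id: int         # constructed id, not a real CRS rule id
    paranoia_level: int  # rule runs only if this <= configured tx.paranoia_level
    severity: str        # key into SEVERITY_SCORE
    target: str          # "args", "user_agent" or "response"
    pattern: str         # regex standing in for the real CRS operators


@dataclass
class Transaction:
    method: str
    path: str
    args: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    response_body: str = ""


@dataclass
class Verdict:
    score: int
    matched: list
    blocked: bool


# Constructed rule set: PL1 rules are precise, PL2/PL3 rules are noisier.
RULES = [
    Rule(900001, 1, "CRITICAL", "args", r"(?i)union\s+select"),  # SQLi-style probe
    Rule(900002, 1, "CRITICAL", "args", r"(?i)<script"),         # XSS-style probe
    Rule(900003, 1, "NOTICE", "user_agent", r"^$"),              # missing User-Agent
    Rule(900004, 2, "WARNING", "args", r"'"),                    # lone quote (PL2 only)
    Rule(900005, 3, "NOTICE", "args", r"[^\x20-\x7e]"),          # non-printable bytes (PL3)
    Rule(900006, 1, "CRITICAL", "response", r"(?i)sql syntax"),  # DB error leaking in response
]


def _values(tx: Transaction, target: str) -> list:
    """Return the strings a rule with the given target inspects."""
    if target == "args":
        return list(tx.args.values())
    if target == "user_agent":
        return [tx.headers.get("User-Agent", "")]
    return [tx.response_body]


def evaluate(tx: Transaction, paranoia_level: int, direction: str = "inbound",
             rules=RULES) -> Verdict:
    """Run the rules active at this paranoia level and compare the summed
    score with the threshold of the given direction ("inbound"/"outbound")."""
    targets = {"response"} if direction == "outbound" else {"args", "user_agent"}
    threshold = OUTBOUND_THRESHOLD if direction == "outbound" else INBOUND_THRESHOLD
    score, matched = 0, []
    for rule in rules:
        if rule.paranoia_level > paranoia_level or rule.target not in targets:
            continue  # inactive at this PL, or belongs to the other direction
        if any(re.search(rule.pattern, v) for v in _values(tx, rule.target)):
            score += SEVERITY_SCORE[rule.severity]
            matched.append(rule.rule_id)
    return Verdict(score, matched, score >= threshold)


if __name__ == "__main__":
    # Constructed sample: a quote in a name is harmless at PL1 but, combined
    # with a missing User-Agent, reaches the inbound threshold at PL2.
    tx = Transaction("GET", "/profile", args={"name": "O'Reilly"})
    for pl in (1, 2):
        v = evaluate(tx, pl)
        print(f"PL{pl}: score={v.score} matched={v.matched} blocked={v.blocked}")
```

Running it shows the point of the diagram: the same request is allowed at PL1 (score 2) and blocked at PL2 (score 5) without any threshold change, because raising the paranoia level activates more rules and their scores accumulate. The variable name tx.paranoia_level used on this page is the CRS 3.x one; CRS 4 splits it into tx.blocking_paranoia_level and tx.detection_paranoia_level, with the latter letting higher-PL rules log and score without contributing to the blocking decision.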