Csp Server Save

CSP (Content Security Policy) reports server which forwards reports to Elasticsearch.

Project README

CSP Server and Elasticsearch Feeder

CSP violation report endpoint using Elasticsearch as storage. Basically a https://report-uri.io/ alternative.

It is a Node.js application designed to receive CSP (Content Security Policy) reports and inject them in Elasticsearch for analysis.

Node application uses http://restify.com/ framework
The application has been tested in Ubuntu 14.04 LTS and 16.04 LTS (both 64-bit).

Components

bash : (optional) Scripts to rotate old indexes (indices) in Elasticsearch
example : (optional) Example of a CSP Report this server is meant to receive
infrastructure : (optional) Scripts to create the server and services using AWS PowerShell CLI
nginx : Configuration file for Nginx
nodejs : Node.js application that gets the CSP Reports and sends them to Elasticsearch

Infrastructure

This project was implemented and tested using Amazon AWS services in the following way:

AWS EC2 (Linux) running Nginx and Node.js -> AWS Elasticsearch Service

Install

TLDR;

Checkout this project in your server

git clone [email protected]:seek-oss/csp-server.git

Edit nodejs/config.js and set the Elasticsearch URL, port and version
Start nodejs application with nodejs/server.js

node ./nodejs/server.js

This way the Node.js appliation will listen in the configured port and process POST requests containing CSP reports. Each POST will be sent to Elasticsearch into indices named cspdata-YYYYMMDD

Endpoints:

POST http://localhost:9000/index - CSP report in json format
GET http://localhost:9000/_healthcheck - health check

For details on how to configure a server to support https (SSL) using Nginx, Node as service using PM2 manager, log rotation and setting up Elasticsearch in AWS continue reading:

1. Create infrastructure

In this project we create the AWS resources using AWS CLI.

EC2 in AWS running Ubuntu - Instructions here: infrastructure
Elasticsearch in AWS - Instructions here: infrastructure

2. Configure server

Install Nginx - Instructions here: nginx
Install Node - Instructions here: nodejs
Configure Elasticsearch - Instructions here: elasticsearch
Configure rotation scripts - Instructions here: bash

3. Get the CSP reports

Get your customers to start sending CSP reports to your server

README2.md

Sceenshots

Open Source Agenda is not affiliated with "Csp Server" Project. README Source: seek-oss/csp-server

Stars

Open Issues

Last Commit

1 year ago

Repository

seek-oss/csp-server

License

MIT

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/csp-server"><img src="https://www.opensourceagenda.com/projects/csp-server/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022