From e8ff13bc17916c8a1373438aa6e0fb68ac3d3a9f Mon Sep 17 00:00:00 2001
From: blotus
Date: Fri, 8 Mar 2024 15:04:36 +0100
Subject: [PATCH] appsec: get the original UA from headers (#2809)

---
 pkg/appsec/request.go | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/pkg/appsec/request.go b/pkg/appsec/request.go
index 6d472e8afae..0479dea471e 100644
--- a/pkg/appsec/request.go
+++ b/pkg/appsec/request.go
@@ -17,11 +17,12 @@ import (
 )
 
 const (
-	URIHeaderName    = "X-Crowdsec-Appsec-Uri"
-	VerbHeaderName   = "X-Crowdsec-Appsec-Verb"
-	HostHeaderName   = "X-Crowdsec-Appsec-Host"
-	IPHeaderName     = "X-Crowdsec-Appsec-Ip"
-	APIKeyHeaderName = "X-Crowdsec-Appsec-Api-Key"
+	URIHeaderName       = "X-Crowdsec-Appsec-Uri"
+	VerbHeaderName      = "X-Crowdsec-Appsec-Verb"
+	HostHeaderName      = "X-Crowdsec-Appsec-Host"
+	IPHeaderName        = "X-Crowdsec-Appsec-Ip"
+	APIKeyHeaderName    = "X-Crowdsec-Appsec-Api-Key"
+	UserAgentHeaderName = "X-Crowdsec-Appsec-User-Agent"
 )
 
 type ParsedRequest struct {
@@ -311,11 +312,14 @@ func NewParsedRequestFromRequest(r *http.Request, logger *logrus.Entry) (ParsedR
 		logger.Debugf("missing '%s' header", HostHeaderName)
 	}
 
+	userAgent := r.Header.Get(UserAgentHeaderName) //This one is optional
+
 	// delete those headers before coraza process the request
 	delete(r.Header, IPHeaderName)
 	delete(r.Header, HostHeaderName)
 	delete(r.Header, URIHeaderName)
 	delete(r.Header, VerbHeaderName)
+	delete(r.Header, UserAgentHeaderName)
 
 	originalHTTPRequest := r.Clone(r.Context())
 	originalHTTPRequest.Body = io.NopCloser(bytes.NewBuffer(body))
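Review bot: `r.Header.Get(UserAgentHeaderName)` returns only the first value, whereas `delete(r.Header, UserAgentHeaderName)` a few lines below removes every value, so if a bouncer forwards the header more than once the extra values are silently discarded, with no counterpart to the `missing '%s' header` debug messages used for the other forwarded headers above. If a single value is the intended contract, a comment such as `// first value only; optional, and stripped below before coraza sees the request` would make that explicit; otherwise a debug log when `len(r.Header[UserAgentHeaderName]) > 1` would surface misconfigured bouncers. The enclosing NewParsedRequestFromRequest begins and ends outside this hunk.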
@@ -323,6 +327,13 @@ func NewParsedRequestFromRequest(r *http.Request, logger *logrus.Entry) (ParsedR
 	originalHTTPRequest.RequestURI = clientURI
 	originalHTTPRequest.Method = clientMethod
 	originalHTTPRequest.Host = clientHost
+	if userAgent != "" {
+		originalHTTPRequest.Header.Set("User-Agent", userAgent)
+		r.Header.Set("User-Agent", userAgent) //Override the UA in the original request, as this is what will be used by the waf engine
+	} else {
+		//If we don't have a forwarded UA, delete the one that was set by the bouncer
+		originalHTTPRequest.Header.Del("User-Agent")
+	}
 
 	parsedURL, err := url.Parse(clientURI)
 	if err != nil {
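Review bot: The `else` branch removes the bouncer-set User-Agent only from `originalHTTPRequest` while `r.Header` keeps it, yet the comment on the `if` branch states that `r` is what the WAF engine evaluates; a request with no forwarded UA is therefore inspected with the bouncer's own User-Agent, and the two copies of the request disagree. Adding `r.Header.Del("User-Agent")` beside `originalHTTPRequest.Header.Del("User-Agent")` keeps both views consistent with the forwarded-UA case. The doubled Set/Del exists because `originalHTTPRequest` is cloned from `r` in the previous hunk before the User-Agent is rewritten; if the clone's position is not otherwise significant, cloning after the rewrite would let one Set or Del serve both. NewParsedRequestFromRequest starts and ends outside the hunk.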