pub struct ProxyBuilder<'a> { /* private fields */ }Expand description
Stable builder for embedding the proxy with custom extension points. Obtain it
via Proxy::builder. Every seam defaults to the built-in behaviour, so a
builder with no overrides is identical to Proxy::bind. The enterprise plugs
a distributed rate-limit store or premium modules here without forking
(BOUNDARY §4).
Implementations§
Source§impl<'a> ProxyBuilder<'a>
impl<'a> ProxyBuilder<'a>
Sourcepub fn modules(self, modules: Vec<Box<dyn WafModule>>) -> Self
pub fn modules(self, modules: Vec<Box<dyn WafModule>>) -> Self
Replace the extra detection modules appended after the built-in set. These run after the built-ins and are NOT carried across a config reload.
Sourcepub fn add_module(self, module: Box<dyn WafModule>) -> Self
pub fn add_module(self, module: Box<dyn WafModule>) -> Self
Append a single extra detection module (additive over Self::modules).
Sourcepub fn state_store(self, store: Arc<dyn StateStore>) -> Self
pub fn state_store(self, store: Arc<dyn StateStore>) -> Self
Inject the rate-limit StateStore (e.g. a distributed Redis store). The
store survives config reloads. Defaults to the in-memory token bucket sized
from [rate_limit].max_tracked_keys.
Sourcepub fn cert_source(self, source: Arc<dyn TlsCertSource>) -> Self
pub fn cert_source(self, source: Arc<dyn TlsCertSource>) -> Self
Inject the TlsCertSource (e.g. enterprise ACME/managed-PKI/mTLS). [tls].enabled
and [tls].alpn still come from config; the source only governs cert provenance, so
the config cert_path/key_path are ignored when one is injected. Defaults to the
OPEN FileCertSource reading those paths.
Sourcepub fn module_factory<F>(self, factory: F) -> Self
pub fn module_factory<F>(self, factory: F) -> Self
Inject a ModuleFactory that (re)builds the extra detection modules (core 0.3).
Unlike Self::add_module/Self::modules (built once, dropped on a reload), the
factory is re-run on every config reload, so injected modules SURVIVE a SIGHUP and are
re-init’d. It runs at bind too (the single source of reload-surviving modules): a
boot error is fatal, and a reload error aborts that reload and keeps the last-good
modules. This is the seam an embedder uses to keep premium modules across reloads
(BOUNDARY §4). Factory output is appended AFTER any static .add_module extras.