You can monitor App and API Protection for PHP apps running in host-based or container-based environments such as Docker, Kubernetes, AWS ECS, and AWS EKS.

Prerequisites

• The Datadog Agent is installed and configured for your application’s operating system or container, cloud, or virtual environment.
• If your service is running with an Agent with Remote Configuration enabled and a tracing library version that supports it, you can block attackers from the Datadog UI without additional configuration of the Agent or tracing libraries.

Enabling Application & API Protection

Get started

1. Install the latest Datadog PHP library by downloading and running the installer:

   wget https://github.com/DataDog/dd-trace-php/releases/latest/download/datadog-setup.php -O datadog-setup.php
   php datadog-setup.php --php-bin all --enable-appsec
   

   To check that your service’s language and framework versions are supported for Application & API Protection capabilities, see Compatibility.

2. Enable the library in your code by restarting PHP-FPM or Apache. In a containerized environment, if you previously installed the library without enabling Application & API Protection, you can optionally enable it after by setting the following environment variables:

   Update your configuration container for APM by adding the following arguments in your docker run command:

   docker run [...] -e DD_APPSEC_ENABLED=true -e DD_APM_TRACING_ENABLED=false [...]
   

   Add the following environment variable values to your container Dockerfile:

   ENV DD_APPSEC_ENABLED=true
   ENV DD_APM_TRACING_ENABLED=false
   

   Update your configuration yaml file container for APM and add the environment variables:

   spec:
     template:
       spec:
         containers:
           - name: <CONTAINER_NAME>
             image: <CONTAINER_IMAGE>/<TAG>
             env:
               - name: DD_APPSEC_ENABLED
                 value: "true"
               - name: DD_APM_TRACING_ENABLED
                 value: "false"
   

   Update your ECS task definition JSON file, by adding these in the environment section:

   "environment": [
     ...,
     {
       "name": "DD_APPSEC_ENABLED",
       "value": "true"
     },
     {
       "name": "DD_APM_TRACING_ENABLED",
       "value": "false"
     }
   ]
   

라이브러리가 애플리케이션에서 보안 데이터를 수집해 에이전트로 전송하고, 이 데이터는 다시 Datadog로 전송됩니다. 그러면 기본 감지 규칙에 의해 공격자 기술과 잠재 구성 오류가 플래그되어 문제 해결을 위한 단계를 밟을 수 있습니다.

3. 애플리케이션 보안 관리에서 감지 활동을 잘 하고 있는지 확인하려면 알려진 공격 패턴을 애플리케이션으로 보내세요. 예를 들어 다음 curl 스크립트가 포함된 파일을 실행해 보안 스캐너 감지됨 규칙을 트리거할 수 있습니다.

   for ((i=1;i<=250;i++)); 
   do
   # Target existing service’s routes
   curl https://your-application-url/existing-route -A dd-test-scanner-log;
   # Target non existing service’s routes
   curl https://your-application-url/non-existing-route -A dd-test-scanner-log;
   done

   참고: dd-test-scanner-log 값은 최신 릴리스에서 지원됩니다.

   애플리케이션을 활성화하고 실행한 몇 분 후 Datadog의 Application Trace and Signals Explorer에 위협 정보가 표시됩니다.

Further Reading

추가 유용한 문서, 링크 및 기사:

Adding user information to tracesDOCUMENTATION PHP Datadog Tracer Library source codeSOURCE CODE OOTB App & API Protection RulesDOCUMENTATION Troubleshooting App & API ProtectionDOCUMENTATION