Websocket passthrough

Adding support for websockets via HTTP/1.1 would be nice. I don't think, that they have to be “decrypted” by the WAF, but are simply passed through, to protect software like gotify, ntfy, Zammad, Minio, Rocket.Chat, ...

Nginx needs to set the following proxy settings, to enable websocket support:

1map $http_upgrade $connection_upgrade_keepalive {
2    default upgrade;
3    ''      close;
4}

1proxy_http_version          1.1;
2proxy_set_header Connection $http_connection;
3proxy_set_header Upgrade    $http_upgrade;

OK, with the Module "Scanner" in Audit mode websockets work as expected 🤔

It would be amazing, when you could switch these modes domain based

Safeline supports websockets naturally, so no configuration is required.