Idea: modsecurity compatible plugin

I was looking at setting up modsecurity with the owasp core rules, but realized that unless I run Apache in front of caddy, it won’t be possible.

I haven’t done much golang, but was interested in trying this out, even if just for partial modsecurity support.

Two questions:

  • Would this be possible as a Caddy plugin?
  • Do you think anyone else would be interested in such a plugin?

I can’t speak for everyone, but since many people who use Caddy do so for its security benefits, I would imagine that people will find such a plugin useful. See issue 312 and related forum topic.

1 Like

A (mod_)security plugin would be great. I use caddy as webserver and reverse proxy too.