Looking for Coraza usage examples with coreruleset

I have tried to follow the docs from a couple of searches, and the only guides I found were:
OSS WAF stack using Coraza, Caddy, and Elastic | by Juan Pablo Tosso | Medium

And
Introduction - OWASP Coraza

But when I have used the coreruleset which I downloaded to the server, I am receiving a 500 status in any response from Caddy for any request.
I have a very large set of backend servers (~10), and every time I test it takes a while, and I have yet to find a Caddyfile that will just work out of the box as is without any customization.
My setup is composed mainly of WordPress sites.

Thanks,
Eliezer

You’ll get better help by opening an issue on the plugin’s GitHub repo.

I tested a very simple configuration on my server (basically their sample) and it worked:

https://domain.tld {
	tls {
		on_demand
	}

	encode zstd gzip

	coraza_waf {
		load_owasp_crs
		directives `
		Include @coraza.conf-recommended
		Include @crs-setup.conf.example
		Include @owasp_crs/*.conf
		SecRuleEngine On
		`
	}

	reverse_proxy host:port
}

This is as of Caddy v2.7.5 and coraza-caddy v2.0.0-rc3. The server I am reverse proxying is also a WordPress server. Do you mind sharing your configuration (redacted of course)?
