Looking for Coraza usage examples with coreruleset

I have tried to follow the docs from couple searches and the only guides I found were:
OSS WAF stack using Coraza, Caddy, and Elastic | by Juan Pablo Tosso | Medium

Introduction - OWASP Coraza

But when I have used the coreruleset which I downloaded to the server I am receiving a 500 status in any response from caddy for any request.
I have a very large set of backend servers (~10) and every time I test it takes a while and I have yet to find a Caddyfile that will just work out of the box as is without any customization.
My setup is composed mainly of wordpress sites.


You’ll get better help by opening an issue on the plugin’s GitHub repo.

I tested a very simple configuration on my server (basically their sample) and it worked:

https://domain.tld {
	tls {

	encode zstd gzip

	coraza_waf {
		directives `
		Include @coraza.conf-recommended
		Include @crs-setup.conf.example
		Include @owasp_crs/*.conf
		SecRuleEngine On

	reverse_proxy host:port

This is as of Caddy v2.7.5 and coraza-caddy v2.0.0-rc3. The server I am reverse proxying is also a Wordpress server. Do you mind sharing your configuration (redacted of course)?

This topic was automatically closed after 30 days. New replies are no longer allowed.