OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities

corazawaf/coraza-caddy

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Latest commit

5158eaf · Apr 28, 2023


Coraza WAF Caddy Module

Project Status: Active – The project has reached a stable, usable state and is being actively developed.

OWASP Coraza Caddy Module provides Web Application Firewall capabilities for Caddy.

OWASP Coraza WAF is 100% compatible with OWASP Core Ruleset and ModSecurity syntax.

Getting started

go run mage.go -l lists all the available commands:

▶ go run mage.go -l
Targets:
  build              builds the plugin.
  buildLinux         builds the plugin with GOOS=linux.
  check              runs lint and tests.
  coverage           runs tests with coverage and race detector enabled.
  doc                runs godoc, access at http://localhost:6060
  e2e                runs e2e tests with a built plugin against the example deployment.
  format             formats code in this repository.
  ftw                runs CRS regressions tests.
  lint               verifies code quality.
  precommit          installs a git hook to run check when committing
  reloadExample      reload the test environment.
  runExample         spins up the test environment, access at http://localhost:8080.
  teardownExample    tears down the test environment.
  test               runs all tests.

Plugin syntax

coraza_waf {
 directives `
  Include /path/to/config.conf
  SecAction "id:1,pass,log"
 `
}

Sample usage:

Important: the order coraza_waf first global option must always be included in your Caddyfile for the Coraza module to work.

{
    order coraza_waf first
}

http://127.0.0.1:8080 {
 coraza_waf {
  directives `
   SecAction "id:1,pass,log"
   SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
   SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
   Include file1.conf 
   Include file2.conf
   Include /some/path/*.conf
  `
 }
 reverse_proxy http://192.168.1.15:8080
}

Build Caddy with Coraza WAF

Run:

xcaddy build --with github.com/corazawaf/coraza-caddy

Testing

You may run the test suite by executing:

go run mage.go test

Using OWASP Core Ruleset

You can load OWASP CRS by setting the load_owasp_crs field and then including the CRS files in the directives, as described in the coraza-coreruleset documentation.

:8080 {
 coraza_waf {
  load_owasp_crs
  directives `
   Include @coraza.conf-recommended
   Include @crs-setup.conf.example
   Include @owasp_crs/*.conf
   SecRuleEngine On
  `
 }

 reverse_proxy httpbin:8081
}
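
A small pre-deployment check for the two settings this README relies on, added here as an example (it is not code from the coraza-caddy project): it verifies that the Caddyfile contains order coraza_waf first and reports the engine mode each directives block ends in, since the last SecRuleEngine setting wins. It assumes that @coraza.conf-recommended sets SecRuleEngine DetectionOnly, as the upstream Coraza recommended file does, so a block that omits the trailing SecRuleEngine On only logs; LintCaddyfile, Finding and the sample Caddyfile are names and data constructed for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is the lint result for one Caddyfile.
type Finding struct {
	OrderFirst bool     // "order coraza_waf first" is present
	Engines    []string // resulting SecRuleEngine mode per directives block
}

var (
	orderRe = regexp.MustCompile(`(?m)^\s*order\s+coraza_waf\s+first\s*$`)
	blockRe = regexp.MustCompile("(?s)directives\\s+`(.*?)`")
)

// LintCaddyfile reports whether the order option is set and which engine mode
// each directives block ends in ("unset" means Coraza's default applies).
func LintCaddyfile(src string) Finding {
	f := Finding{OrderFirst: orderRe.MatchString(src)}
	for _, m := range blockRe.FindAllStringSubmatch(src, -1) {
		mode := "unset"
		for _, line := range strings.Split(m[1], "\n") {
			fields := strings.Fields(line)
			switch {
			case len(fields) == 2 && strings.EqualFold(fields[0], "SecRuleEngine"):
				mode = fields[1] // explicit setting overrides anything earlier
			case len(fields) == 2 && fields[0] == "Include" && fields[1] == "@coraza.conf-recommended":
				mode = "DetectionOnly" // assumption: value set by the upstream recommended file
			}
		}
		f.Engines = append(f.Engines, mode)
	}
	return f
}

// Constructed sample: a CRS site with the order option and SecRuleEngine On left out.
const sample = ":8080 {\n coraza_waf {\n  load_owasp_crs\n  directives `\n   Include @coraza.conf-recommended\n   Include @owasp_crs/*.conf\n  `\n }\n}\n"

func main() {
	fmt.Printf("%+v\n", LintCaddyfile(sample))
}
```

Running this in CI against the deployed Caddyfile catches a WAF that is loaded but not blocking before it reaches production.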