OWASP Coraza Caddy Module provides Web Application Firewall capabilities for Caddy.
OWASP Coraza WAF is 100% compatible with OWASP Coreruleset and Modsecurity syntax.
go run mage.go -l
lists all the available commands:
▶ go run mage.go -l
Targets:
build builds the plugin.
buildLinux builds the plugin with GOOS=linux.
check runs lint and tests.
coverage runs tests with coverage and race detector enabled.
doc runs godoc, access at http://localhost:6060
e2e runs e2e tests with a built plugin against the example deployment.
format formats code in this repository.
ftw runs CRS regressions tests.
lint verifies code quality.
precommit installs a git hook to run check when committing
reloadExample reload the test environment.
runExample spins up the test environment, access at http://localhost:8080.
teardownExample tears down the test environment.
test runs all tests.
coraza_waf {
directives `
Include /path/to/config.conf
SecAction "id:1,pass,log"
`
}
Sample usage:
Important: order coraza_waf first
must be always included in your Caddyfile for Coraza module to work
{
order coraza_waf first
}
http://127.0.0.1:8080 {
coraza_waf {
directives `
SecAction "id:1,pass,log"
SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
Include file1.conf
Include file2.conf
Include /some/path/*.conf
`
}
reverse_proxy http://192.168.1.15:8080
}
Run:
xcaddy build --with github.com/corazawaf/coraza-caddy
You may run the test suite by executing:
go run mage.go test
You can load OWASP CRS by passing the field load_owasp_crs
and then load the CRS files in the directives as described in the coraza-coreruleset documentation.
:8080 {
coraza_waf {
load_owasp_crs
directives `
Include @coraza.conf-recommended
Include @crs-setup.conf.example
Include @owasp_crs/*.conf
SecRuleEngine On
`
}
reverse_proxy httpbin:8081
}