Coraza WAF Caddy Module
Coraza Caddy Module is a WAF for your applications using FastCGI or reverse proxy.
Prerequisites
- Xcaddy
- Golang 1.16+
- Linux Operating system (Coraza does not support Windows)
Plugin syntax
Important: `order coraza_waf first` must always be included in your Caddyfile for the Coraza module to work.

```
coraza_waf {
    directives `
        SecAction "id:1,pass,log"
    `
    include /path/to/config.conf
}
```
Sample usage:

```
{
    auto_https off
    order coraza_waf first
}
http://127.0.0.1:8080 {
    coraza_waf {
        directives `
            SecAction "id:1,pass,log"
            SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
            SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
        `
        include file1.conf
        include file2.conf
        include /some/path/*.conf
    }
    reverse_proxy http://192.168.1.15:8080
}
```
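As a pre-deployment check for a Caddyfile like the one above (an added example, not part of the module), this Python script confirms the global `order coraza_waf first` line is present and flags missing or duplicate rule ids inside the inline `directives` block; the sample Caddyfile it ships with is constructed from the README, and rules pulled in via `include` are assumed to be outside its scope.

```python
"""Lint a Caddyfile that uses coraza_waf: the global `order coraza_waf first`
line must exist (without it the module never runs) and every inline
SecRule/SecAction needs a unique numeric id (duplicate ids are rejected at load).
Only the inline `directives` block is inspected, not files pulled in via include."""
import re
from typing import List

# Constructed sample, built from the README's "Sample usage" block.
SAMPLE_CADDYFILE = """{
    auto_https off
    order coraza_waf first
}
http://127.0.0.1:8080 {
    coraza_waf {
        directives `
            SecAction "id:1,pass,log"
            SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
            SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
        `
        include file1.conf
    }
    reverse_proxy http://192.168.1.15:8080
}
"""

ORDER_RE = re.compile(r"^\s*order\s+coraza_waf\s+first\s*$", re.M)
DIRECTIVES_RE = re.compile(r"directives\s*`(.*?)`", re.S)  # backtick raw string
RULE_RE = re.compile(r"^\s*(?:SecRule|SecAction)\b.*$", re.M)  # one rule per line
ID_RE = re.compile(r"\bid:\s*(\d+)")


def lint_caddyfile(text: str) -> List[str]:
    """Return human-readable problems; an empty list means the file passed."""
    problems = []
    if "coraza_waf {" in text and not ORDER_RE.search(text):
        problems.append("missing global 'order coraza_waf first'; the WAF will not run")
    seen = {}  # rule id -> first rule line that used it
    for block in DIRECTIVES_RE.findall(text):
        for rule in RULE_RE.findall(block):
            m = ID_RE.search(rule)
            if m is None:
                problems.append("rule without an id: " + rule.strip())
            elif m.group(1) in seen:
                problems.append("duplicate rule id %s: %s" % (m.group(1), rule.strip()))
            else:
                seen[m.group(1)] = rule.strip()
    return problems
```

Run `lint_caddyfile(open("Caddyfile").read())` in a CI step and fail the build when the returned list is non-empty.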
Build Caddy with Coraza WAF
Run:

```
xcaddy build --with github.com/jptosso/coraza-caddy
```
Testing
You may run the test suite by executing:

```
$ git clone https://github.com/jptosso/coraza-caddy
$ cd coraza-caddy
$ go test ./...
```
Compiling with CRS support
Uncomment the plugins github.com/jptosso/coraza-libinjection and github.com/coraza-pcre in caddy/main.go, then compile.
Using OWASP Core Ruleset
Once you have enabled the plugin, clone coreruleset and download the default Coraza configuration from the Coraza repository, then add the following to your coraza_waf directive:

```
include caddypath/coraza.conf-recommended
include caddypath/coreruleset/crs-setup.conf.example
include caddypath/coreruleset/rules/*.conf
```