Skip to content

Latest commit

 

History

History
 
 

http-server

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
testdata
testdata
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
default.conf
default.conf
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
main_test.go
main_test.go
 
 

README.md

HTTP-Server with Coraza

This example is intended to provide a straightforward way to spin up Coraza and grasp its behaviour.

Run the example

go run .

The server will be reachable at http://localhost:8090.

# True positive request (403 Forbidden)
curl -i 'localhost:8090/hello?id=0'
# True negative request (200 OK)
curl -i 'localhost:8090/hello'

You can customise the rules to be used by using the DIRECTIVES_FILE environment variable to load a directives file:

DIRECTIVES_FILE=my_directives.conf go run .

You can also customise response body and response headers by using RESPONSE_HEADERS and RESPONSE_BODY environment variables respectively:

RESPONSE_BODY=creditcard go run .

And then

# True positive request (403 Forbidden) due to matching response body
curl -i 'localhost:8090/hello'

Customize WAF rules

The configuration of the WAF relies on default.conf. Feel free to play with it.

Customize server behaviour

The following snippet shows an example of code that may be added to the exampleHandler in order to make the example capable of echoing the body request. It comes in handy for testing rules that match the response body.

func exampleHandler(w http.ResponseWriter, req *http.Request) {
 w.Header().Set("Content-Type", "text/plain")
   var buf bytes.Buffer
 _, err := io.Copy(&buf, req.Body)
   if err != nil {
     log.Fatalf("handler can not read request body: %v", err)
   }
 w.Write(buf.Bytes())
}