docs: improves readme for docker. #4
Conversation
Thank you @jcchavezs!
Did it work?
I'm revisiting this again today, and unfortunately it doesn't seem to work :( Maybe I'm missing something. Testing the Go variant, I get:
$ go run ***@***.*** -directives ./directives.conf.example
2023/04/03 17:49:00 invalid WAF config from file: failed to parse string: failed to readfile: open path: invalid argument
exit status 1
That is with my directives set like so:
SecRuleEngine On
SecDebugLog /dev/stdout
SecDebugLogLevel 1
Include /home/xanadu/.git/coreruleset/crs-setup.conf.example
Include /home/xanadu/.git/coreruleset/rules/*.conf
Testing the Docker variant, I get:
$ sudo docker run ghcr.io/jcchavezs/coraza-httpbin:main
exec /usr/bin/coraza-httpbin: no such file or directory
Do I need to compile Coraza and copy the binary into the container?
Looking into this.
…On Mon, 3 Apr 2023, 19:07 Andrew Howe, ***@***.***> wrote:
@jcchavezs <https://github.com/jcchavezs>
Did it work?
I'm revisiting this again today, and unfortunately it doesn't seem to work
:(
Maybe I'm missing something.
------------------------------
Testing the Go variant, I get:
$ go run ***@***.*** -directives ./directives.conf.example
2023/04/03 17:49:00 invalid WAF config from file: failed to parse string: failed to readfile: open path: invalid argument
exit status 1
That is with my directives set like so:
SecRuleEngine On
SecDebugLog /dev/stdout
SecDebugLogLevel 1
Include /home/xanadu/.git/coreruleset/crs-setup.conf.example
Include /home/xanadu/.git/coreruleset/rules/*.conf
------------------------------
Testing the Docker variant, I get:
$ sudo docker run ghcr.io/jcchavezs/coraza-httpbin:main
exec /usr/bin/coraza-httpbin: no such file or directory
Hi @RedXanadu, thanks for the feedback and the error traces so I could reproduce the error. Unfortunately this is an issue with the file system, as it does not like absolute paths. I tried different approaches and ended up creating my own library for merging filesystems, because the existing ones had some opinions and did not implement all interfaces. I will fix it as soon as I finish testing the new merge library.
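The absolute-path rejection described above, as an added example that is not coraza-httpbin's own code or its merge library: a hypothetical fs.FS wrapper (absFS) that routes Include paths starting with "/" to the host disk and everything else to the bundled rules, a resolveInclude helper standing in for the directives loader, and a constructed in-memory stand-in for the host disk that reuses the paths from the report.

```go
package main

import (
	"io/fs"
	"strings"
	"testing/fstest"
)

// absFS is a constructed example, not coraza-httpbin's own merge library. os.DirFS (like
// any fs.FS) rejects a name failing fs.ValidPath, leading "/" included, with fs.ErrInvalid,
// printed "open <path>: invalid argument"; this wrapper strips the "/" and routes to the host.
type absFS struct{ embedded, host fs.FS } // bundled rules (relative names); host disk, e.g. os.DirFS("/")

func (a absFS) Open(name string) (fs.File, error) {
	if !strings.HasPrefix(name, "/") {
		return a.embedded.Open(name)
	}
	return a.host.Open(strings.TrimPrefix(name, "/")) // "/etc/x" -> "etc/x"
}

// Glob keeps "Include /path/*.conf" working; fs.Glob alone would get no matches from "/path".
func (a absFS) Glob(pattern string) ([]string, error) {
	if !strings.HasPrefix(pattern, "/") {
		return fs.Glob(a.embedded, pattern)
	}
	matches, err := fs.Glob(a.host, strings.TrimPrefix(pattern, "/"))
	for i := range matches {
		matches[i] = "/" + matches[i] // hand back the caller's absolute form
	}
	return matches, err
}

var hostDisk = fstest.MapFS{ // constructed stand-in for the host disk, paths from the report above
	"home/xanadu/.git/coreruleset/crs-setup.conf.example": {Data: []byte("# setup\n")},
	"home/xanadu/.git/coreruleset/rules/a.conf":           {Data: []byte("# a\n")},
	"home/xanadu/.git/coreruleset/rules/b.conf":           {Data: []byte("# b\n")},
}

// resolveInclude expands one "Include <path-or-glob>" argument and returns the loadable files.
func resolveInclude(fsys fs.FS, arg string) ([]string, error) {
	matches := []string{arg} // a plain path is opened directly so its error surfaces
	if strings.ContainsAny(arg, "*?[") {
		matches, _ = fs.Glob(fsys, arg)
	}
	for _, m := range matches {
		if _, err := fs.ReadFile(fsys, m); err != nil {
			return nil, err
		}
	}
	return matches, nil
}
```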
@RedXanadu could you please try this branch #6?
@jcchavezs No joy: I'm getting the same errors with that branch:
and
Still using the same directives file:
Hi @RedXanadu, I am sorry for not coming back earlier. I think the problem is that you are trying to run it from main (which did not include the changes in the PR at the time). I merged the PR into Notice
Thanks @jcchavezs! Confirmed that this now works. This will make testing Coraza so much easier 😀 One quick question: do I need to tweak httpbin to accept non-GET requests? POST requests aren't making it to CRS, it seems. One of my usual CRS tests is
curl localhost --data 'test=/bin/bash'
but it isn't being detected: I'm just getting a 405 Method Not Allowed from somewhere (maybe httpbin?):
$ curl localhost:8080 -v -o/dev/null --data 'test=/bin/bash'
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.0.1
> Accept: */*
> Content-Length: 14
> Content-Type: application/x-www-form-urlencoded
>
} [14 bytes data]
< HTTP/1.1 405 Method Not Allowed
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Mon, 17 Apr 2023 14:18:09 GMT
< Content-Length: 24
<
{ [24 bytes data]
* Connection #0 to host localhost left intact
Interesting. Did you try with the default example config? Did you load the coraza recommended conf? I wonder why GET and POST could get different treatment.
…On Mon, 17 Apr 2023, 16:20 Andrew Howe, ***@***.***> wrote:
Thanks @jcchavezs <https://github.com/jcchavezs>! Confirmed that this now
works. This will make testing Coraza so much easier 😀
One quick question: do I need to tweak httpbin to accept non-GET requests?
POST requests aren't making it to CRS, it seems.
One of my usual CRS tests is
curl localhost --data 'test=/bin/bash'
but it isn't being detected: I'm just getting a 405 Method Not Allowed
from somewhere (maybe httpbin?):
$ curl localhost:8080 -v -o/dev/null --data 'test=/bin/bash'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.0.1
> Accept: */*
> Content-Length: 14
> Content-Type: application/x-www-form-urlencoded
>
} [14 bytes data]
< HTTP/1.1 405 Method Not Allowed
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Mon, 17 Apr 2023 14:18:09 GMT
< Content-Length: 24
<
{ [24 bytes data]
100 38 100 24 100 14 5083 2965 --:--:-- --:--:-- --:--:-- 9500
* Connection #0 to host localhost left intact
Yes, with the default directive file/config POST arguments are not causing CRS to flag. What is the Coraza recommended conf? Is that an extra file that should be Include-d somewhere?
Is SecRequestBodyAccess enabled and/or the content type correct?
…On Mon, 17 Apr 2023, 18:25 Andrew Howe, ***@***.***> wrote:
Yes, with the default directive file/config POST arguments are not causing
CRS to flag.
What is the Coraza recommended conf? Is that an extra file that should be
Include-d somewhere?
@jcchavezs Adding So, should this file be
I would like to document on the CRS documentation website how to use
then I'll document it like that.
Awesome @RedXanadu. Ideally that can be imported directly: https://github.com/corazawaf/coraza-coreruleset/blob/main/rules/%40coraza.conf-recommended, so maybe it should be fixed in this repo itself.
Done #8