Coraza Caddy Module a WAF for your applications using FastCGI or reverse proxy.
- Xcaddy
- Golang 1.16+
- Linux Operating system (Coraza does not support Windows)
Important: order coraza_waf first must be always included in your Caddyfile for Coraza module to work
coraza {
directives `
SecAction "id:1,pass,log"
`
include /path/to/config.conf
}
Sample usage:
{
auto_https off
order coraza_waf first
}
http://127.0.0.1:8080 {
coraza_waf {
directives `
SecAction "id:1,pass,log"
SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
`
include file1.conf
include file2.conf
include /some/path/*.conf
}
reverse_proxy http://192.168.1.15:8080
}
Run:
xcaddy build --with github.com/s-demp/coraza-caddy
You may run the test suite by executing:
$ git clone https://github.com/s-demp/coraza-caddy
$ cd coraza-caddy
$ go test ./...`
Uncomment the plugin github.com/coraza-pcre from caddy/main.go and then compile.
Once you have enabled your plugin, you will have to clone coreruleset and download the default coraza configurations from Coraza repository, then add the following to you coraza_waf directive:
include caddypath/coraza.conf-recommended
include caddypath/coreruleset/crs-setup.conf.example
include caddypath/coreruleset/rules/*.conf