OWASP Coraza Caddy Module provides Web Application Firewall capabilities for Caddy.
OWASP Coraza WAF is 100% compatible with OWASP Coreruleset and Modsecurity syntax.
coraza_waf {
directives `
SecAction "id:1,pass,log"
`
include /path/to/config.conf
}
Sample usage:
Important: order coraza_waf first must be always included in your Caddyfile for Coraza module to work
{
order coraza_waf first
}
http://127.0.0.1:8080 {
coraza_waf {
directives `
SecAction "id:1,pass,log"
SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
`
include file1.conf
include file2.conf
include /some/path/*.conf
}
reverse_proxy http://192.168.1.15:8080
}
Run:
xcaddy build --with github.com/corazawaf/coraza-caddy
You may run the test suite by executing:
$ git clone https://github.com/corazawaf/coraza-caddy
$ cd coraza-caddy
$ go test ./...`
Clone the coreruleset repository and download the default coraza configurations from Coraza repository, then add the following to you coraza_waf directive:
include caddypath/coraza.conf-recommended
include caddypath/coreruleset/crs-setup.conf.example
include caddypath/coreruleset/rules/*.conf