-
Hello,
I was thinking that it would be a good idea to integrate the OWASP coreruleset into this plugin. I guess this would mean translating all the rules into directives in yaml format.
Best,
E…
-
Coraza module for Caddy pass reponse headers, even if it should not give the response to the user.
Example of a protected backend:
```go
package main
import (
"fmt"
"log"
"net/http"
)…
-
**Is your feature request related to a problem? Please describe.**
I would like to add protection for sites to NPM and be able to block IP's based on reputation/scenario using Crowdsecurity https://g…
-
I'm trying to integrate WAF into Kong gateway. I came across Coraza and you custom plugin. Since there any documentation of your plugin, I'm assuming that your Go plugin is reading SecLang rules using…
-
OWASP provide an official ModSecurity CRS container - https://github.com/coreruleset/modsecurity-crs-docker . It would be fantastic to have a coraza-crs-docker take its place.
I'm using this in the…
-
## Description
The Go Race Detector pointed out a data race on the new RuleMetadata.StrID() introduced in https://github.com/corazawaf/coraza/pull/1039
### Steps to reproduce
Running tests which …
-
Testing the plugin, it seems that GET requests are not registered on the Treblle online dashboard even with valid JSON response.
Maybe I missed something, but the only way to work around it was to:…
-
**Description of the problem**
What is not working - injected backend config when using Ingress annotations:
haproxy-ingress.github.io/waf: "modsecurity"
haproxy-ingress.github.io/waf-mode:…
-
This is the Agenda for the two Monthly CRS Chats.
The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2024-07-01, at 20:30 CEST. That's the 1st Mon…
fzipi updated
4 months ago
-
Hey,
I seem to have an issue where the plugin seems to ignore IP addresses that I add to actl:ruleEngine=off rule
```
SecRule REMOTE_ADDR "@ipMatch co.oo.l.ip,127.0.0.1, etc" \
"id:1000100,…