-
First of all I want to say thank you for the alternative to products like ModSecurity. This is very important for those who use open source. Before that, I had hardly ever met Go. That's why even simp…
-
Hello! Thank you for your plugin! Very awesome.
Is it available to first tls encrypt traffic, than pass it to Coraza? Your examples folder contains example with no TLS encryption, so i wonder is it…
GinkT updated
2 years ago
-
## Description
The MATCHED_VAR_NAME is taken from the chained rule. It should instead be taken from the rule where msg action is defined.
Variables are expanded incorrectly for Log and Msg of Ru…
-
I thought that maybe not need the logger field in the waf structure. There are two reasons for this:
1. coraza as a lib, the debug information is only applicable to the development or debugging stage…
-
### 1. ```func NewBodyBuffer(tmpDir string, memLimit int64) *BodyBuffer``` should receive a ```coraza.BodyBufferOptions``` instead?
- [x] #153
### 2. ```Makro.Tokens()``` should return a list of…
-
-
Hi,
I did some tests on the settings in the coreruleset/crs-setup.conf.example file and included this file in the Coraza-Server config.yml file, and found that the coreruleset GeoIP and Dos Protect…
-
Hi! I'm wondering if this ingress is production ready. It looks very nice! Seems like the latest release also isn't a pre-release.
-
```
[Thu Dec 16 02:12:07.990332 2021] error http.handlers.waf [client "201.189.88.159"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/coraza/owasp-crs/rules/REQUEST-942-APPL…
-
There are the following rules:
```
SecRule &TX:allowed_request_content_type_charset "@eq 0" \
"id:901168,\
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.4.0…