-
-
Hey @bxlxx thank you for this excellent project!
Because of your advice and Coraza's recent partnership with OWASP, I'm moving the Coraza project to the corazawaf organization and I will replace al…
-
```
[Thu Dec 16 02:12:07.990332 2021] error http.handlers.waf [client "201.189.88.159"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/coraza/owasp-crs/rules/REQUEST-942-APPL…
-
## Description
The MATCHED_VAR_NAME is taken from the chained rule. It should instead be taken from the rule where msg action is defined.
Variables are expanded incorrectly for Log and Msg of Ru…
-
## Description
when i use tx.ProcessRequestBody() and my body request is an array json like this:
[{"name":"confluence.page.reading","properties":{"pageID":"111111"},"timeDelta":0}]
i get Interru…
-
First, just want to say that I'm really excited about this project - it's great to have an alternative to Apache or nginx with ModSecurity!
I've built a distroless image that uses Caddy, Coraza and…
-
Hi,
I did some tests on the settings in the coraza.conf-recommended file and included this file in the Coraza-Server config.yml file, but some configurations don't work. Please have a took and give…
-
## Description
Request body checking does not work because request body is always empty.
### Code with issues
File, `protocols/spoa/request_processor.go`
Line 25, `value, ok = arg.Value.(str…
-
There are the following rules:
```
SecRule &TX:allowed_request_content_type_charset "@eq 0" \
"id:901168,\
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.4.0…
-
It's failing go-ftw tests. It requires more research.
```yaml
- test_title: 943110-4
desc: Session Fixation Attack (943110) from old modsec regressions
stages:
- stage:
…