-
Hey there, thank you for aiming to replace Trustwave ModSecurity. I have been following the instruction to setup coraza-spoa with haproxy and finally got it running. I am not seeing it block however.
…
-
I haven't found a option to add a spoa filter into he ingress, is this possible with the current version?
I try to create something similar like this setup with openpolicyagent and haproxy.
https://…
-
We are observing serious issues with memory consumption on V2 of ModSecurity in our kubernetes clusters.
We run performance tests against our application deployments, the ModSecurity containers just …
-
Using the documented procedures I've been able to successfully mirror small payloads that don't solicit a 100 status response or send a an expect:100-continue. This issue is easily reproduced by using…
-
Hello,
According to existing docs, coraza-spoa should return "1" for a verdict that will be denied. Verdicts that are blocked by the crs ruleset yield a "-" however. It does return "0" on a clean …
-
Hello,
I am trying to use spoa-mirror to mirror the production traffic(POST method) and send it to our staging environment.
But I didn't make it workl, please help to check what is the issue, than…
-
The [ENGINE AND INTEGRATION OPTIONS page](https://coreruleset.org/docs/deployment/engine_integration_options/) lists WAF engines that are compatible with the ModSecurity configuration language. Severa…
-
### Detailed Description of the Problem
I have a small SPOA running which implements some metrics for an old JSON-RPC service. My problem is that the SPOA does not get the complete HTTP response body…
-
Coraza-spoa got error after some day running, this is log message:
{"level":"error","ts":1681351374.8902335,"msg":"failed to get transaction from cache","transaction_id":"cc401a49-0815-4a3e-a355-69a6…
-
## Background
At a high level, we need a way to duplicate production traffic being sent to a user’s production hosts (primary) to a new set of hosts (shadow) with a new configuration. The goal is to…