Open monkburger opened 6 months ago
Similar to https://github.com/corazawaf/coraza-caddy/issues/78 - I'm using the following setup;
Nginx -> Caddy + Coraza -> Apache
Nginx is doing TLS Termination, and Caddy is talking to Nginx over a UDS, and finally, a basic connection to Apache (can't seem to finally get away from .htaccess)
Anyways, a remote CURL on a mocked domains throws this:
2023/12/13 11:51:38.033 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "HWbmWIpvlOLuYhQN"]
Meanwhile, a local curl command to a UNIX domain socket throws this as well:
2023/12/13 11:52:37.089 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "kISnrvTyehgtqnNc"]
When SecRuleEngine is off, it works as expected.
Basic config to repo this issue, eg:
{ debug auto_https off order coraza_waf first log { output file "/tmp/caddy.log" } servers { trusted_proxies static private_ranges } } http://test.test { log { level DEBUG output file /tmp/caddy_test.log } coraza_waf { load_owasp_crs directives ` SecAction "id:1,pass,log" Include @coraza.conf-recommended Include @crs-setup.conf.example Include @owasp_crs/*.conf SecRuleEngine On ` } bind unix//run/caddy # Apache HTTP on 81 reverse_proxy http://localhost:81 }
Similar to https://github.com/corazawaf/coraza-caddy/issues/78 - I'm using the following setup;
Nginx -> Caddy + Coraza -> Apache
Nginx is doing TLS Termination, and Caddy is talking to Nginx over a UDS, and finally, a basic connection to Apache (can't seem to finally get away from .htaccess)
Anyways, a remote CURL on a mocked domains throws this:
2023/12/13 11:51:38.033 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "HWbmWIpvlOLuYhQN"]
Meanwhile, a local curl command to a UNIX domain socket throws this as well:
2023/12/13 11:52:37.089 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "kISnrvTyehgtqnNc"]
When SecRuleEngine is off, it works as expected.
Basic config to repo this issue, eg: