corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0

Unix Socket Support? #124

Open monkburger opened 6 months ago

monkburger commented 6 months ago

Similar to https://github.com/corazawaf/coraza-caddy/issues/78 - I'm using the following setup:

Nginx -> Caddy + Coraza -> Apache

Nginx is doing TLS Termination, and Caddy is talking to Nginx over a UDS, and finally, a basic connection to Apache (can't seem to finally get away from .htaccess)

Anyways, a remote curl on a mocked domain throws this:

2023/12/13 11:51:38.033 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "HWbmWIpvlOLuYhQN"]

Meanwhile, a local curl command to a UNIX domain socket throws this as well:

2023/12/13 11:52:37.089 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "kISnrvTyehgtqnNc"]

When SecRuleEngine is off, it works as expected.

Basic config to repro this issue, e.g.:

{
    debug
    auto_https off
    order coraza_waf first
    log {
        output file "/tmp/caddy.log"
    }

    servers {
        trusted_proxies static private_ranges
    }
}

http://test.test {
    log {
        level DEBUG
        output file /tmp/caddy_test.log
    }

    coraza_waf {
        load_owasp_crs
        directives `
        SecAction "id:1,pass,log"
        Include @coraza.conf-recommended
        Include @crs-setup.conf.example
        Include @owasp_crs/*.conf
        SecRuleEngine On
        `
    }
    bind unix//run/caddy
    # Apache HTTP on 81
    reverse_proxy http://localhost:81
}
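Added here as an illustration, not code from the issue or from coraza-caddy: a POSIX shell helper that parses the two denial lines above (copied in as constructed samples) into phase, rule id, line, uri, hostname and client, so the empty `client`/`hostname` fields from the unix-socket path stand out during triage. The `uds_probe` function and its socket-path argument are assumptions and are not run by the script.

```shell
#!/bin/sh
# Constructed copies of the two denial lines from the report above.
REMOTE_LINE='2023/12/13 11:51:38.033 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "HWbmWIpvlOLuYhQN"]'
UDS_LINE='2023/12/13 11:52:37.089 error http.handlers.waf [client ""] Coraza: Access denied (phase 2). [file ""] [line "2"] [id "1"] [rev ""] [msg ""] [data ""] [severity "emergency"] [ver ""] [maturity "0"] [accuracy "0"] [hostname ""] [uri "/"] [unique_id "kISnrvTyehgtqnNc"]'

# coraza_field LINE KEY: value of one bracketed [KEY "value"] field; prints nothing if absent or empty.
coraza_field() {
    printf '%s\n' "$1" | sed -n "s/.*\[$2 \"\([^\"]*\)\"].*/\1/p"
}

# coraza_phase LINE: rule phase N from "Access denied (phase N)."; prints nothing if not a denial.
coraza_phase() {
    printf '%s\n' "$1" | sed -n 's/.*Access denied (phase \([0-9]*\))\..*/\1/p'
}

# show LINE KEY: print "KEY=value " with <empty> standing in for an empty field.
show() {
    v=$(coraza_field "$1" "$2")
    [ -n "$v" ] || v='<empty>'
    printf '%s=%s ' "$2" "$v"
}

# coraza_triage LINE: one summary line per denial; returns 1 for lines that are not denials.
coraza_triage() {
    phase=$(coraza_phase "$1")
    [ -n "$phase" ] || { echo "not a Coraza denial"; return 1; }
    printf 'phase=%s ' "$phase"
    for key in id line uri hostname client unique_id; do show "$1" "$key"; done
    echo
}

# uds_probe SOCKET HOST (assumed helper, needs a live Caddy): HTTP status of one request sent
# through the unix-socket bind with the mocked Host header, to compare with the log output.
uds_probe() {
    curl -s -o /dev/null -w '%{http_code}' --unix-socket "$1" -H "Host: $2" http://localhost/
}

# Triage both sample lines; each prints e.g. "phase=2 id=1 line=2 uri=/ hostname=<empty> client=<empty> unique_id=..."
for line in "$REMOTE_LINE" "$UDS_LINE"; do coraza_triage "$line"; done
```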