search

corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0
329 stars 41 forks source link

[Question] Do I need to download any ruleset? #143

Open dannykorpan opened 6 months ago

dannykorpan commented 6 months ago

Hi,

I'm using Caddyserver through a docker-compose.yml and a custom build via a Dockerfile to enable Coraza-Caddy. If I'm incorporating this, for example, from your configuration, into my custom Caddyfile, do I need to mount the rulesets via a Docker volume?

:8080 {
 coraza_waf {
  load_owasp_crs
  directives `
   Include @coraza.conf-recommended
   Include @crs-setup.conf.example
   Include @owasp_crs/*.conf
   SecRuleEngine On
  `
 }

 reverse_proxy httpbin:8081
}

Kind regards and thanks in advance Danny

jcchavezs commented 6 months ago

Nope, by using load_owasp_crs you already load CRS

ti-guru commented 5 months ago

@jcchavezs How would you install plugins? I would like to add the Nextcloud rule exclusion plugin.

jcchavezs commented 4 months ago

Good question. If you want to include plugins you need to have in your FS and use the Include directive.

On Sat, May 4, 2024 at 1:36 PM ti-guru @.***> wrote:

@jcchavezs https://github.com/jcchavezs How would you install plugins https://coreruleset.org/docs/concepts/plugins/#how-to-install-a-plugin? I would like to add the Nextcloud rule exclusion plugin https://github.com/coreruleset/nextcloud-rule-exclusions-plugin.

— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/issues/143#issuecomment-2094130803, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAR4GUSI2LLGU4LLQKTZATB4DAVCNFSM6AAAAABFHJY4N2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJUGEZTAOBQGM . You are receiving this because you were mentioned.Message ID: @.***>