Open romko11l opened 2 months ago
Hi @romko11l, thanks a lot for the detailed report. I managed to reproduce it and propose an initial fix: https://github.com/corazawaf/coraza/pull/1062. Any feedback is welcomed.
After being merged, we will have to port the fix also to coraza-caddy.
The Coraza module for Caddy passes response headers, even if it should not give the response to the user.
Example of a protected backend:
Caddyfile:
Coraza-caddy does not pass the response body, but passes response headers:
Steps to reproduce:
Expected Behavior: Caddy server should not pass response headers from backend.
Actual Behavior: Caddy server passes response headers from backend.
Additional Information:
xcaddy build v2.7.6 --with github.com/corazawaf/coraza-caddy/v2
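A regression check for the behaviour reported above, written as an added example that is not code from the report, Coraza or coraza-caddy: a middleware withholds a blocked response's body, and a probe shows whether a backend header still reaches the client. The names `guard`, `held`, `probe`, the `X-Internal-Token` header and the marker rule are hypothetical, and the `shareHeaders` switch is only one assumed way such a leak can arise, not a diagnosis of the actual cause.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// held buffers the backend's body (embedded Buffer), headers and status.
type held struct{ bytes.Buffer; hdr http.Header; code int }
func (h *held) Header() http.Header { return h.hdr }
func (h *held) WriteHeader(c int)   { h.code = c }

// guard blocks a response whose body contains marker (hypothetical WAF rule).
func guard(next http.Handler, marker string, shareHeaders bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		buf := &held{hdr: http.Header{}, code: http.StatusOK}
		if shareHeaders { // leak model: backend writes into the client's header map
			buf.hdr = w.Header()
		}
		next.ServeHTTP(buf, r)
		if bytes.Contains(buf.Bytes(), []byte(marker)) {
			w.WriteHeader(http.StatusForbidden) // body is withheld in both modes
			return
		}
		for k, v := range buf.hdr {
			w.Header()[k] = v
		}
		w.WriteHeader(buf.code)
		w.Write(buf.Bytes())
	})
}

// probe returns status, body and one header as the client sees them.
func probe(h http.Handler, name string) (int, string, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Code, rec.Body.String(), rec.Header().Get(name)
}

var backend = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
	w.Header().Set("X-Internal-Token", "constructed-value") // constructed sample
	w.Write([]byte("secret body"))
})

func main() {
	fmt.Println(probe(guard(backend, "secret", true), "X-Internal-Token"))
	fmt.Println(probe(guard(backend, "secret", false), "X-Internal-Token"))
}
```

Both calls return 403 with an empty body; only the second also returns an empty header value, which is the expected behaviour stated in the report.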