corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0

Config error cannot run caddy with coraza waf #30

Closed vncloudsco closed 1 year ago

vncloudsco commented 1 year ago

I built the source code as specified:

xcaddy build --with github.com/corazawaf/coraza-caddy

However, I then get the following configuration error:

root@caddy:~/tk# ./caddy adapt --config /etc/caddy/Caddyfile
{"logging":{"logs":{"default":{"exclude":["http.log.access.log0"]},"log0":{"writer":{"filename":"/home/caddy/xxxx.com.log","output":"file"},"include":["http.log.access.log0"]}}},"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["xxxx.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"directives":"","handler":"waf","include":["/etc/caddy/waf/config.conf","/etc/caddy/waf/coreruleset/crs-setup.conf.example","/etc/caddy/waf/coreruleset/rules/*.conf"]},{"handler":"vars","root":"/home/caddy/web"}]},{"handle":[{"handler":"static_response","headers":{"Location":["{http.request.orig_uri.path}/"]},"status_code":308}],"match":[{"file":{"try_files":["{http.request.uri.path}/index.php"]},"not":[{"path":["*/"]}]}]},{"handle":[{"handler":"rewrite","uri":"{http.matchers.file.relative}"}],"match":[{"file":{"split_path":[".php"],"try_files":["{http.request.uri.path}","{http.request.uri.path}/index.php","index.php"]}}]},{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"fastcgi","split_path":[".php"]},"upstreams":[{"dial":"127.0.0.1:1111"}]}],"match":[{"path":["*.php"]}]},{"handle":[{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"terminal":true}],"logs":{"logger_names":{"xxxx.com":"log0"}}}}}}}
2022/11/10 15:41:05.388 WARN    caddyfile       Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies    {"file": "/etc/caddy/Caddyfile", "line": 2}

Here is my config file:

{
        order coraza_waf first
}

xxxxxxxxx.com {
        coraza_waf {
                include /etc/caddy/waf/config.conf
                include /etc/caddy/waf/coreruleset/crs-setup.conf.example
                include /etc/caddy/waf/coreruleset/rules/*.conf
        }
        root * /home/caddy/web
        php_fastcgi 127.0.0.1:1111
        file_server
        log {
                output file /home/caddy/xxxx.com.log
        }
}

Version info I'm using:

root@caddy:~/tk# ./caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
vncloudsco commented 1 year ago

Here is the log detail:

Nov 10 15:31:08 caddy caddy[53627]: Error: loading initial config: loading new config: loading http app module: provision http: server srv0: setting up route handlers: route 0: loading handler modules: position 0: loading module 'subroute': provision http.handlers.subroute: setting up subroutes: route 0: loading handler modules: position 0: loading module 'waf': provision http.handlers.waf: failed to compile rule (unknown variable): &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" "id:922100,phase:2,block,t:none,msg:'Multipart content type global _charset_ definition is not allowed by policy',logdata:'Matched Data: %{ARGS._charset_}',tag:'application-multi',tag:'language-multi',tag:'platform-multi',tag:'attack-multipart-header',tag:'OWASP_CRS',tag:'capec/1000/255/153',tag:'paranoia-level/1',ver:'OWASP_CRS/4.0.0-rc1',severity:'CRITICAL',chain"
vncloudsco commented 1 year ago

I fixed it by removing the REQUEST-922-MULTIPART-ATTACK.conf rule
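
The error above comes from the engine refusing to compile a rule whose variable (here MULTIPART_PART_HEADERS) it does not know, and the workaround was to find the offending CRS file by hand and drop it from the include. The following is an added example, not code from the coraza-caddy project, that does that search mechanically: it parses SecRule variable lists from rule files (joining the backslash-continued lines CRS uses), attributes chained rules to their chain head's id, and reports which files would fail to compile against a given variable set. The supportedVars set is an assumption standing in for whatever variables the engine version you build against actually supports, and the two rule files are constructed, abbreviated excerpts modeled on the 922100 rule quoted in the log, not the real CRS files. The real fix remains updating to a Coraza release that knows the variable; this only tells you what to exclude until then.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Finding records one SecRule variable that the target engine does not know.
type Finding struct {
	File     string
	Line     int    // line on which the SecRule starts
	RuleID   string // rule id; chained rules inherit it from the chain head
	Variable string
}

// supportedVars is an ASSUMED, deliberately short stand-in for the variable set
// of an older engine build. It is not Coraza's real list; fill it from the
// variables documented for the Coraza version you build against.
var supportedVars = map[string]bool{
	"ARGS": true, "ARGS_NAMES": true, "FILES": true, "REQUEST_BODY": true,
	"REQUEST_COOKIES": true, "REQUEST_HEADERS": true, "REQUEST_METHOD": true,
	"REQUEST_URI": true, "TX": true,
}

var (
	secRuleRe = regexp.MustCompile(`^\s*SecRule\s+(\S+)`) // not SecRuleRemoveById etc.
	ruleIDRe  = regexp.MustCompile(`\bid:(\d+)`)
)

// Variables reduces a spec like "REQUEST_HEADERS:Content-Type|!ARGS:foo|&MULTIPART_PART_HEADERS:_charset_"
// to bare collection names, dropping the ! (negate) and & (count) prefixes and any :selector.
func Variables(spec string) []string {
	var names []string
	for _, v := range strings.Split(spec, "|") {
		v = strings.TrimLeft(v, "!&")
		if i := strings.IndexByte(v, ':'); i >= 0 {
			v = v[:i]
		}
		if v != "" {
			names = append(names, v)
		}
	}
	return names
}

// ScanRules walks one rule file and reports every SecRule variable absent from supported.
func ScanRules(file, content string, supported map[string]bool) []Finding {
	var findings []Finding
	lines := strings.Split(content, "\n")
	lastID := ""
	for i := 0; i < len(lines); i++ {
		start := i + 1
		logical := lines[i]
		// Join backslash-continued lines the way CRS formats its rules.
		for strings.HasSuffix(strings.TrimRight(logical, " \t"), `\`) && i+1 < len(lines) {
			i++
			logical = strings.TrimSuffix(strings.TrimRight(logical, " \t"), `\`) + " " + lines[i]
		}
		m := secRuleRe.FindStringSubmatch(logical)
		if m == nil {
			continue // comment, blank line or non-SecRule directive
		}
		if idm := ruleIDRe.FindStringSubmatch(logical); idm != nil {
			lastID = idm[1] // a chained SecRule carries no id of its own
		}
		for _, v := range Variables(m[1]) {
			if !supported[v] {
				findings = append(findings, Finding{File: file, Line: start, RuleID: lastID, Variable: v})
			}
		}
	}
	return findings
}

// UnsupportedFiles returns the sorted names of files that would fail to compile,
// i.e. the ones to leave out of the include until the engine is updated.
func UnsupportedFiles(files map[string]string, supported map[string]bool) []string {
	var out []string
	for name, content := range files {
		if len(ScanRules(name, content, supported)) > 0 {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// Constructed, abbreviated stand-ins for two CRS rule files (not the real files).
const multipartConf = `# REQUEST-922-MULTIPART-ATTACK.conf (constructed excerpt)
SecRule REQUEST_HEADERS:Content-Type "@rx ^multipart/form-data" \
    "id:922100,\
    phase:2,\
    block,\
    t:none,\
    msg:'Multipart content type global _charset_ definition is not allowed by policy',\
    chain"
    SecRule &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" \
        "t:none"
`

const protocolConf = `# REQUEST-920-PROTOCOL-ENFORCEMENT.conf (constructed excerpt, made-up id)
SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD|POST|OPTIONS)$" \
    "id:9999001,\
    phase:1,\
    block,\
    t:none,\
    msg:'Method is not allowed by policy'"
`

func main() {
	files := map[string]string{
		"REQUEST-920-PROTOCOL-ENFORCEMENT.conf": protocolConf,
		"REQUEST-922-MULTIPART-ATTACK.conf":     multipartConf,
	}
	for _, name := range []string{"REQUEST-920-PROTOCOL-ENFORCEMENT.conf", "REQUEST-922-MULTIPART-ATTACK.conf"} {
		for _, f := range ScanRules(name, files[name], supportedVars) {
			fmt.Printf("%s:%d rule %s uses unsupported variable %s\n", f.File, f.Line, f.RuleID, f.Variable)
		}
	}
	fmt.Println("leave out of the include:", UnsupportedFiles(files, supportedVars))
}
```

To use it against a real checkout, read each file matched by the glob in the Caddyfile into the files map and list the remaining files individually in the coraza_waf block instead of the wildcard include; re-run the scan after each engine upgrade so the exclusion does not outlive the bug.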

jptosso commented 1 year ago

Hey! I will try to update coraza-caddy to the latest version of Coraza, which fixes this issue, today.