corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0
330 stars 41 forks

Fails GotestWAF block check #37

Closed rholden3 closed 1 year ago

rholden3 commented 1 year ago

When I attempt to test Coraza with GoTestWAF, the WAF block check fails and I am unable to perform a successful test.

Caddyfile:

{
        order coraza_waf first
}

http://fqdn:80 {
        coraza_waf {
                include ./coraza/coraza.conf-recommended
                include ./coreruleset/crs-setup.conf.example
                include ./coreruleset/rules/*.conf
        }
        reverse_proxy http://172.16.157.140:80
}

Error running GotestWAF:

  ERRO[0000] caught error in main function error="WAF was not detected. Please use the '--blockStatusCodes' or '--blockRegex' flags. Use '--help' for additional info. Baseline attack status code: 200"

If I run with the flag --skipWAFBlockCheck, the test fails, so it's clear that GotestWAF needs to be told what actual blocking looks like.

According to the GotestWAF documentation, I can use either of these arguments to detect the WAF blocking:

  --blockRegex string       Regex to detect a blocking page with the same HTTP response status code as a not blocked request
  --blockStatusCodes ints   HTTP status code that WAF uses while blocking requests (default [403])

Please help me determine how I can best go about this to get a successful POC.

jptosso commented 1 year ago

Hey, sorry for the late response! Make sure coraza.conf-recommended has SecRuleEngine On instead of DetectOnly.
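
Added example (not part of this thread or of the coraza-caddy project): a small POSIX shell pre-flight check that reads the effective SecRuleEngine mode out of a Coraza config file and refuses to hand off to GoTestWAF while the engine is still in DetectOnly, which is exactly the state that produces the "WAF was not detected ... Baseline attack status code: 200" error above. The function names (waf_engine_mode, waf_will_block, gotestwaf_cmd) and the two sample config files are constructed for the demonstration; the gotestwaf --url flag is assumed from the tool's CLI, while --blockStatusCodes and the 403 default come from the flags quoted in the issue.

```shell
#!/bin/sh
# Added example, not coraza-caddy project code. Pre-flight check: is the
# Coraza rule engine actually blocking before we run GoTestWAF against it?
# Assumes the layout from the issue's Caddyfile, where the SecRuleEngine
# directive lives in ./coraza/coraza.conf-recommended.

# Print the effective SecRuleEngine mode in a config file (last directive
# wins, as it would for the engine). Prints "On", "DetectOnly", "Off" or
# "unset" when the file is missing or has no directive.
waf_engine_mode() {
  file="$1"
  mode=$(grep -E '^[[:space:]]*SecRuleEngine[[:space:]]+' "$file" 2>/dev/null \
         | sed -E 's/^[[:space:]]*SecRuleEngine[[:space:]]+([A-Za-z]+).*/\1/' \
         | tail -n 1)
  printf '%s\n' "${mode:-unset}"
}

# Succeed only when the engine will really deny requests. DetectOnly logs
# matches but still returns the upstream's 200, so GoTestWAF's baseline
# block check sees no WAF at all.
waf_will_block() {
  [ "$(waf_engine_mode "$1")" = "On" ]
}

# Build the GoTestWAF invocation for a target, stating explicitly that a
# block looks like a 403 (GoTestWAF's default and the usual CRS deny status).
# --url is assumed from gotestwaf's CLI; --blockStatusCodes is quoted in the issue.
gotestwaf_cmd() {
  printf 'gotestwaf --url %s --blockStatusCodes 403\n' "$1"
}

# --- Constructed sample configs so the script runs stand-alone ------------
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/detect-only.conf" <<'EOF'
# constructed sample: engine only logs, never blocks
SecRuleEngine DetectOnly
SecRequestBodyAccess On
EOF

cat > "$tmp/blocking.conf" <<'EOF'
# constructed sample: the setting recommended in the issue
SecRuleEngine On
SecRequestBodyAccess On
EOF

for f in "$tmp/detect-only.conf" "$tmp/blocking.conf"; do
  if waf_will_block "$f"; then
    echo "$f: SecRuleEngine $(waf_engine_mode "$f") -> run: $(gotestwaf_cmd http://fqdn:80)"
  else
    echo "$f: SecRuleEngine $(waf_engine_mode "$f") -> GoTestWAF will report 'WAF was not detected'; set SecRuleEngine On first"
  fi
done
```

Point the check at the real file (waf_engine_mode ./coraza/coraza.conf-recommended) before each test run; if it prints anything other than On, fixing that is the first step, and only then do --blockStatusCodes or --blockRegex matter.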

fzipi commented 1 year ago

@rholden3 Were you able to add @jptosso's recommendation? Did it work for you?

rholden3 commented 1 year ago

Unfortunately, I had to move on to other things as we are looking to use a vendor WAF functionality that it turns out we already have.