Closed jcchavezs closed 1 year ago
Maybe the wording isn't the best one bue Include is a known directive in modsecurity/coraza (maybe it isn't part of seclang and it is more an Apache thing)
On Sun, 2 Apr 2023, 00:50 Felipe Zipitría, @.***> wrote:
@.**** commented on this pull request.
There in no Include in seclang. Are we extending it?
In coraza.go https://github.com/corazawaf/coraza-caddy/pull/51#discussion_r1155192838 :
if len(m.Include) > 0 {
- m.logger.Warn("Include field is deprected, do the include in directives instead")
⬇️ Suggested change
- m.logger.Warn("Include field is deprected, do the include in directives instead")
- m.logger.Warn("include field is deprecated, please use the Include directive instead")
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/pull/51#pullrequestreview-1367963897, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXRAQBHCWEV7TA4LFDW7CWNDANCNFSM6AAAAAAWP33LVI . You are receiving this because you authored the thread.Message ID: @.***>
Then let's change the wording so we don't confuse users. With this in mind, the integration has the requirement of providing this feature, or things won't work as expected...
I don't think we need to provide this. Whenever you use coraza you are used
to do Include @owasp_crs/*.conf
in the directives isn't? We expect the
same here.
On Sun, 2 Apr 2023, 01:10 Felipe Zipitría, @.***> wrote:
Then let's change the wording so we don't confuse users. With this in mind, the integration has the requirement of providing this feature, or things won't work as expected...
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/pull/51#issuecomment-1493166006, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXY6KYQ36CCNFRVIYLW7CYYBANCNFSM6AAAAAAWP33LVI . You are receiving this because you authored the thread.Message ID: @.***>
Ok, now I get it (I thought we were discussing coraza, instead of the connector 🤦).
If you change the wording with the suggestion I'll approve.
Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
It can be done in 'directives' field and only causes confusion with respect to ordering of rules which is something that matters when it comes to disruptive actions.