search

corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0
330 stars 41 forks source link

chore: deprecates Include config field. #51

Closed jcchavezs closed 1 year ago

jcchavezs commented 1 year ago

It can be done in 'directives' field and only causes confusion with respect to ordering of rules which is something that matters when it comes to disruptive actions.

jcchavezs commented 1 year ago

Maybe the wording isn't the best one bue Include is a known directive in modsecurity/coraza (maybe it isn't part of seclang and it is more an Apache thing)

On Sun, 2 Apr 2023, 00:50 Felipe Zipitría, @.***> wrote:

@.**** commented on this pull request.

There in no Include in seclang. Are we extending it?

In coraza.go https://github.com/corazawaf/coraza-caddy/pull/51#discussion_r1155192838 :

if len(m.Include) > 0 {
  • m.logger.Warn("Include field is deprected, do the include in directives instead")

⬇️ Suggested change

  • m.logger.Warn("Include field is deprected, do the include in directives instead")
  • m.logger.Warn("include field is deprecated, please use the Include directive instead")

— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/pull/51#pullrequestreview-1367963897, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXRAQBHCWEV7TA4LFDW7CWNDANCNFSM6AAAAAAWP33LVI . You are receiving this because you authored the thread.Message ID: @.***>

fzipi commented 1 year ago

Then let's change the wording so we don't confuse users. With this in mind, the integration has the requirement of providing this feature, or things won't work as expected...

jcchavezs commented 1 year ago

I don't think we need to provide this. Whenever you use coraza you are used to do Include @owasp_crs/*.conf in the directives isn't? We expect the same here.

On Sun, 2 Apr 2023, 01:10 Felipe Zipitría, @.***> wrote:

Then let's change the wording so we don't confuse users. With this in mind, the integration has the requirement of providing this feature, or things won't work as expected...

— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/pull/51#issuecomment-1493166006, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXY6KYQ36CCNFRVIYLW7CYYBANCNFSM6AAAAAAWP33LVI . You are receiving this because you authored the thread.Message ID: @.***>

fzipi commented 1 year ago

Ok, now I get it (I thought we were discussing coraza, instead of the connector 🤦).

If you change the wording with the suggestion I'll approve.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication