corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0

caddy validation failed: invalid key for filter directive: load_owasp_crs #74

Closed complib2891 closed 1 year ago

complib2891 commented 1 year ago

How do I fix the error below?

Error: adapting config using caddyfile: parsing caddyfile tokens for 'coraza_waf': Caddyfile:136 - Error during parsing: invalid key for filter directive: load_owasp_crs

jcchavezs commented 1 year ago

What version of this are you using? Could you paste your caddyfile?

complib2891 commented 1 year ago

I'm not sure, I just downloaded caddy from https://caddyserver.com/download with this module. Copy-pasting the part below to enable the default CRS doesn't work. An individual SecRule as in the other example seems to work.

 coraza_waf {
  load_owasp_crs
  directives `
   Include @coraza.conf-recommended
   Include @crs-setup.conf.example
   Include @owasp_crs/*.conf
   SecRuleEngine On
  `
 }

jcchavezs commented 1 year ago

I see. Check the readme as you need to compile caddy with coraza. I wonder if we should provide an image of caddy with coraza so users can do PoC cc @M4tteoP

complib2891 commented 1 year ago

I tried to recompile using xcaddy, and it's still the same issue. Which version of coraza-caddy should I use? v1.2.2 or v2.0.0-rc1?

jcchavezs commented 1 year ago

Use v2.0.0-rc1

complib2891 commented 1 year ago

Here is my build script:

#!/bin/bash

VER=v2.6.4
OUT=caddy.custom
# env GOOS=linux GOARCH=arm64 GOARM=7 xcaddy build \
GOOS=linux GOARCH=arm64 GOARM=7 xcaddy build $VER --output $OUT \
  --with github.com/caddy-dns/cloudflare \
  --with github.com/porech/caddy-maxmind-geolocation \
  --with github.com/shift72/caddy-geo-ip \
  --with github.com/mholt/caddy-ratelimit \
  --with github.com/mastercactapus/caddy2-proxyprotocol \
  --with github.com/caddyserver/transform-encoder \
  --with github.com/gamalan/caddy-tlsredis \
  --with github.com/corazawaf/coraza-caddy@v2.0.0-rc.1

But I'm seeing the error below. Sorry to trouble you, could you please advise me on how to fix it?

2023/06/15 16:23:53 [INFO] exec (timeout=-2562047h47m16.854775808s): /usr/local/go/bin/go get -d -v github.com/corazawaf/coraza-caddy/v2@v2.0.0-rc.1 github.com/caddyserver/caddy/v2@v2.6.4 
go: github.com/corazawaf/coraza-caddy@v2.0.0-rc.1: invalid version: module contains a go.mod file, so module path must match major version ("github.com/corazawaf/coraza-caddy/v2")
2023/06/15 16:23:54 [FATAL] exit status 1

M4tteoP commented 1 year ago

hi @complib2891, it has been fixed recently (See https://github.com/corazawaf/coraza-caddy/pull/73). Please rely on --with github.com/corazawaf/coraza-caddy/v2@main or point directly to the latest commit --with github.com/corazawaf/coraza-caddy/v2@61bb4b1be56ec509bdac47c18fedf1fe44c0c33b. I just tested your script with both, it is running smoothly :)
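
The rule behind the `invalid version` error above, as an added example that is not part of the thread or the project's own tooling: a shell pre-flight check of xcaddy `--with` specs against Go's major-version path rule. `check_with_spec` and its verdict strings are hypothetical names; the check assumes the module ships a go.mod, and it goes slightly beyond the thread by also reporting specs that pin nothing.

```shell
#!/bin/bash
# Added example: pre-flight check for xcaddy "--with module[@version]" specs.
# Go rule behind the error in this thread: a tagged release vN.x.y with
# N >= 2 must be requested through a module path that ends in /vN.
# Assumption: the module contains a go.mod file (as the error message says).

# Prints "ok", "floating" (nothing pinned; resolved at build time) or
# "mismatch:<path to use>"; returns non-zero only for a mismatch.
check_with_spec() {
  local spec="$1" path ver last base suffix major
  path=${spec%%@*}
  ver=""
  case $spec in *@*) ver=${spec#*@} ;; esac

  # Major version implied by the path suffix (/v2, /v3, ...); 1 if absent.
  last=${path##*/}
  case $last in
    v[2-9]|v[1-9][0-9]) suffix=${last#v}; base=${path%/*} ;;
    *)                  suffix=1;         base=$path ;;
  esac

  case $ver in
    v[0-9]*.[0-9]*.[0-9]*) major=${ver#v}; major=${major%%.*} ;;
    *) major="" ;;
  esac
  case $major in
    ""|*[!0-9]*)
      # Not a release tag: a full commit hash is a pin, anything else floats.
      case $ver in *[!0-9a-f]*) echo floating; return 0 ;; esac
      if [ "${#ver}" -eq 40 ]; then echo ok; else echo floating; fi
      return 0 ;;
  esac
  [ "$major" -lt 2 ] && major=1   # v0 and v1 share the unsuffixed path

  if [ "$major" -eq "$suffix" ]; then echo ok; return 0; fi
  if [ "$major" -ge 2 ]; then echo "mismatch:$base/v$major"
  else echo "mismatch:$base"; fi
  return 1
}

# Constructed input: module specs taken from the build script in this thread.
for spec in \
  github.com/corazawaf/coraza-caddy@v2.0.0-rc.1 \
  github.com/corazawaf/coraza-caddy/v2@v2.0.0-rc.2 \
  github.com/corazawaf/coraza-caddy/v2@main \
  github.com/caddy-dns/cloudflare
do
  printf '%-52s %s\n' "$spec" "$(check_with_spec "$spec")"
done
```

A `floating` verdict means the WAF module version is chosen at build time, so two builds of the same script can ship different rule-engine code.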

jcchavezs commented 1 year ago

Please use latest commit instead of 2.0.0-rc.1

For the sake of usability, could you @m4tteoP cut rc2?

M4tteoP commented 1 year ago

Done! v2.0.0-rc.2 is out, --with github.com/corazawaf/coraza-caddy/v2 should now work fine

complib2891 commented 1 year ago

Thank you very much for all the help, almost felt ashamed because too dumb on websecurity :)

jcchavezs commented 1 year ago

Don't feel ashamed and thanks for the patience!