Closed complib2891 closed 1 year ago
What version of this are you using? Could you paste your caddyfile?
i'm not sure, i just download caddy from https://caddyserver.com/download with this module, copy-pasting below part to enable the default crs and doesn't work. individual SecRule as the other example seems to work.
coraza_waf {
load_owasp_crs
directives `
Include @coraza.conf-recommended
Include @crs-setup.conf.example
Include @owasp_crs/*.conf
SecRuleEngine On
`
}
I see. Check the readme as you need to compile caddy with coraza. I wonder if we should provide an image of caddy with coraza so users can do PoC cc @M4tteoP
On Thu, 15 Jun 2023, 07:10 complib2891, @.***> wrote:
i'm not sure, i just download caddy from https://caddyserver.com/download with this module, copy-pasting below part to enable the default crs and doesn't work. individual SecRule as the other example seems to work.
coraza_waf { load_owasp_crs directives
Include @coraza.conf-recommended Include @crs-setup.conf.example Include @owasp_crs/*.conf SecRuleEngine On
}— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/issues/74#issuecomment-1592369123, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYASZK2X7SBETBSJ6JA3XLKKKVANCNFSM6AAAAAAZHGXQUA . You are receiving this because you commented.Message ID: @.***>
i tried to recompile using xcaddy, it's still the same issue, which version of coraza-caddy should i use? v1.2.2 or v2.0.0-rc1?
Use v2.0.0-rc1
On Thu, Jun 15, 2023 at 10:14 AM complib2891 @.***> wrote:
i tried to recompile using xcaddy, it's still the same issue, which version of coraza-caddy should i use? v1.2.2 or v2.0.0-rc1?
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/issues/74#issuecomment-1592577191, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAR3IHLHVKFVQ4DTZZLXLK74PANCNFSM6AAAAAAZHGXQUA . You are receiving this because you commented.Message ID: @.***>
here my build script
#!/bin/bash
VER=v2.6.4
OUT=caddy.custom
# env GOOS=linux GOARCH=arm64 GOARM=7 xcaddy build \
GOOS=linux GOARCH=arm64 GOARM=7 xcaddy build $VER --output $OUT \
--with github.com/caddy-dns/cloudflare \
--with github.com/porech/caddy-maxmind-geolocation \
--with github.com/shift72/caddy-geo-ip \
--with github.com/mholt/caddy-ratelimit \
--with github.com/mastercactapus/caddy2-proxyprotocol \
--with github.com/caddyserver/transform-encoder \
--with github.com/gamalan/caddy-tlsredis \
--with github.com/corazawaf/coraza-caddy@v2.0.0-rc.1
but i'm seeing below error, sorry to trouble, could you please advice me on how to fix it?
2023/06/15 16:23:53 [INFO] exec (timeout=-2562047h47m16.854775808s): /usr/local/go/bin/go get -d -v github.com/corazawaf/coraza-caddy/v2@v2.0.0-rc.1 github.com/caddyserver/caddy/v2@v2.6.4
go: github.com/corazawaf/coraza-caddy@v2.0.0-rc.1: invalid version: module contains a go.mod file, so module path must match major version ("github.com/corazawaf/coraza-caddy/v2")
2023/06/15 16:23:54 [FATAL] exit status 1
hi @complib2891, it has been fixed recently (See https://github.com/corazawaf/coraza-caddy/pull/73). Please rely on --with github.com/corazawaf/coraza-caddy/v2@main
or point directly to the latest commit --with github.com/corazawaf/coraza-caddy/v2@61bb4b1be56ec509bdac47c18fedf1fe44c0c33b
. I just tested your script with both, it is running smoothly :)
Please use latest commit instead of 2.0.0-rc.1
For the sake of usability, could you @m4tteoP cut rc2?
On Thu, 15 Jun 2023, 10:26 complib2891, @.***> wrote:
here my build script
!/bin/bash
VER=v2.6.4 OUT=caddy.custom# env GOOS=linux GOARCH=arm64 GOARM=7 xcaddy build \ GOOS=linux GOARCH=arm64 GOARM=7 xcaddy build $VER --output $OUT \ --with github.com/caddy-dns/cloudflare \ --with github.com/porech/caddy-maxmind-geolocation \ --with github.com/shift72/caddy-geo-ip \ --with github.com/mholt/caddy-ratelimit \ --with github.com/mastercactapus/caddy2-proxyprotocol \ --with github.com/caddyserver/transform-encoder \ --with github.com/gamalan/caddy-tlsredis \ --with @.***
but i'm seeing below error, sorry to trouble, could you please advice me on how to fix it?
2023/06/15 16:23:53 [INFO] exec (timeout=-2562047h47m16.854775808s): /usr/local/go/bin/go get -d -v @. @. go: @.***: invalid version: module contains a go.mod file, so module path must match major version ("github.com/corazawaf/coraza-caddy/v2") 2023/06/15 16:23:54 [FATAL] exit status 1
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/issues/74#issuecomment-1592597249, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAWXQ2Y6664KVEMIW7DXLLBMRANCNFSM6AAAAAAZHGXQUA . You are receiving this because you commented.Message ID: @.***>
Done! v2.0.0-rc.2
is out, --with github.com/corazawaf/coraza-caddy/v2
should now work fine
Thank you very much for all the help, almost felt ashamed because too dumb on websecurity :)
Don't feel ashamed and thanks for the patience!
how to fix below error?