corazawaf / coraza-caddy

OWASP Coraza middleware for Caddy. It provides Web Application Firewall capabilities
https://www.coraza.io/
Apache License 2.0

Caddy handle_errors not working with v2 #88

Open skixmix opened 1 year ago

skixmix commented 1 year ago

Hello,

Whilst working with the most recent version (v2) of this module, I observed that the handle_errors directive is no longer functional with the 403 code initiated by the WAF. However, in the v1.2.2 version of the module, this feature operates correctly.

My configuration (the commented parts are used in v2):

    # Error handling
    handle_errors {
        reverse_proxy http://localhost:5001 {
            respond "Hello"
        }
    }

        coraza_waf {
            # load_owasp_crs
            # directives `
            include /waf/coraza/coraza.conf-recommended
            include /waf/coreruleset/crs-setup.conf.example
            include /waf/coreruleset/rules/*.conf
            # `
        }

In version 1.2.2, the activation of a rule prompts the display of the "Hello" message. However, in version 2, the standard browser's 403 page is presented instead.

Thank you, Simone

jptosso commented 1 year ago

@jcchavezs I can confirm it used to work, but something changed in how we handle errors. @jcchavezs @M4tteoP