Open csuka opened 1 month ago
Hi @csuka Have you tried changing SecRuleEngine to On on coraza.conf?
# Enable Coraza, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
#SecRuleEngine DetectionOnly
SecRuleEngine On
I'm using Alma 8, go version go1.21.11, haproxy 2.8.10.
I've cloned the repo, created the coraza-spoa binary, and setup all config files, essentially following this guide.
I run the binary, and it's listening on port 9000.
When I do a curl request, e.g.
curl http://localhost:80/\?x\=/etc/passwd
, I see the request being denied by the owasp ruleset, but coraza returns an allow to haproxy. I've checked this using the debug option in haproxy:%[var(txn.coraza.action)]
.I expected a deny, as the owasp ruleset flags the request as critical as well. Example of coraza message:
I actually think that this commit broke it.
Also, when using the docker container I get the same results.