corazawaf / coraza-spoa

EXPERIMENTAL: A wrapper around the OWASP Coraza WAF for HAProxy's SPOE filters
Apache License 2.0

Multiple domains - backend #92

Closed thelogh closed 9 months ago

thelogh commented 10 months ago

I have multiple virtual hosts on HAProxy. I wanted to know the right way to configure coraza-spoa with different configurations based on the backend or domain, to activate or deactivate the WAF or to activate only some rules. I created multiple apps in the configuration file /etc/coraza-spoa/config.yaml and tested the app name in /etc/haproxy/coraza.cfg with args app=str(appname). What is the right procedure? Do you have a configuration example that could help me?

zc-devs commented 10 months ago

If you process only requests, then it's easy:

```
# /etc/haproxy/coraza.conf
spoe-message coraza-req
    args app=req.hdr(host) id=unique-id ...
```

```yaml
# /etc/coraza-spoa/spoa.yaml
applications:
  dom1.example.com:
    rules:
      ...
  dom2.example.com:
    rules:
      ...
```

If you would like to process responses as well, then you have to save the host in a transaction variable:

```
# /etc/haproxy/haproxy.cfg
frontend https_front
    ...
    http-request   set-var(txn.app_name) req.hdr(host)
    ...
```

and use it in response processing:

```
# /etc/haproxy/coraza.conf
spoe-message coraza-res
    args app=var(txn.app_name) id=unique-id ...
```

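
The HAProxy side of the approach above, tied together into one frontend and one SPOE config, as an added example that is not part of the original thread or of the coraza-spoa project. It assumes the agent name, message names, `var-prefix coraza` and `txn.coraza.*` verdict variables from coraza-spoa's sample coraza.cfg, that the coraza-spoa applications are named after bare hostnames (dom1.example.com, dom2.example.com, as in the YAML above), and that a `default_application` is set on the coraza-spoa side so unknown hosts still get inspected; the certificate path and backend names are placeholders. The one thing it adds to the answer is normalising the Host header before using it as the app name: a client that sends `Dom1.Example.com:443` must hit the same rule set as one that sends `dom1.example.com`, otherwise a trivial change to the Host header selects a different (or the default) application.

```haproxy
# /etc/haproxy/haproxy.cfg (added example; backend names and cert path are placeholders)
frontend https_front
    mode http
    bind *:443 ssl crt /etc/haproxy/certs/

    # App name = Host header, lowercased and with any ":port" stripped, so
    # "Dom1.Example.com:443" and "dom1.example.com" select the same application.
    # Stored in a txn variable so the response message can reuse it.
    http-request set-var(txn.app_name) req.hdr(host),lower,field(1,:)

    # The id ties the request and response halves of one transaction together
    unique-id-format %[uuid()]
    unique-id-header X-Unique-ID

    filter spoe engine coraza config /etc/haproxy/coraza.cfg

    # Act on the verdict coraza-spoa writes into txn.coraza.* (see var-prefix below)
    http-request  redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }
    http-response redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }
    http-request  deny deny_status 403 if { var(txn.coraza.action) -m str deny }
    http-response deny deny_status 403 if { var(txn.coraza.action) -m str deny }
    http-request  silent-drop if { var(txn.coraza.action) -m str drop }
    http-response silent-drop if { var(txn.coraza.action) -m str drop }

    # Fail closed when the agent errors or times out (option set-on-error below)
    http-request  deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 }
    http-response deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 }

    # Route with the same normalised name the WAF used, so routing and
    # rule selection cannot disagree about which site a request belongs to
    use_backend be_dom1 if { var(txn.app_name) -m str dom1.example.com }
    use_backend be_dom2 if { var(txn.app_name) -m str dom2.example.com }
    default_backend be_default

backend coraza-spoa
    mode tcp
    server s1 127.0.0.1:9000

# /etc/haproxy/coraza.cfg
[coraza]
spoe-agent coraza-agent
    messages coraza-req coraza-res
    option var-prefix coraza
    option set-on-error error
    timeout hello      2s
    timeout idle       2m
    timeout processing 500ms
    use-backend coraza-spoa
    log global

spoe-message coraza-req
    # Both messages read the app name from the txn variable set in the frontend
    args app=var(txn.app_name) id=unique-id src-ip=src src-port=src_port dst-ip=dst dst-port=dst_port method=method path=path query=query version=req.ver headers=req.hdrs body=req.body
    event on-frontend-http-request

spoe-message coraza-res
    args app=var(txn.app_name) id=unique-id version=res.ver status=status headers=res.hdrs body=res.body
    event on-http-response
```

`field(1,:)` is enough for hostnames; if a site is reached by an IPv6 literal such as `[::1]:443`, the converter cuts at the first colon, so such hosts should be mapped explicitly or left to the default application. Keeping the request and response messages on the same `txn.app_name` matters because `req.hdr(host)` is not available at `on-http-response` time, which is why the answer above moves it into a transaction variable in the first place.
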
thelogh commented 9 months ago

Thanks, everything works fine.

thelogh commented 9 months ago

If it's helpful, I've written a short guide https://www.alldiscoveries.com/multidomain-installation-and-configuration-of-haproxy-with-waf-coraza-spoa-and-owasp-modsecurity-core-rule-set-4-0-wordpress-rule-exclusions-on-ubuntu-server-22-04-lts/