Open Barnoux opened 5 months ago
Hey, apologies, I just took a look at this now. I'm quite confident you are facing the point 3.
written in the PR you mentioned:
Just like phases 3 and phases 4, also for phase 5 I had to explicitly set SecDefaultAction "phase:5,log,auditlog,pass" (Related to https://github.com/corazawaf/coraza/issues/494). Rule 980170 does not have explicit log, therefore Coraza does not log its message without setting the default action also for this phase.
So something like the following should do the trick 🤞
coraza_waf {
directives `
Include /ruleset/coraza.conf
Include /ruleset/vaultwarden/crs-setup.conf
SecDefaultAction "phase:5,log,auditlog,pass"
Include /ruleset/coreruleset/rules/*.conf
`
}
This issue has been open 30 days waiting for feedback. Remove the stale label or comment, or this will be closed in 14 days.
This issue was closed because it has been inactive for 14 days since being marked as stale.
This issue has been open 30 days waiting for feedback. Remove the stale label or comment, or this will be closed in 14 days.
1. The problem I'm having:
Hello,
We don't have the value of the msg field in the anomaly score log wich have the rule id 980170. this was already reported and fix in #684
2. Expected behavior :
We should have a log like this one.
3. Actual behavior - Error messages and/or full log output:
Actually the rule 980170 is trigerred but we have no msg.
4. Caddy version:
5. How I installed and ran Caddy and Coraza:
a. System environment:
I'm using a raspeberrypi 4B
Docker version
b. Command:
Caddy and Coraza is a service and it is build from a Dockerfile
c. Dockerfile:
d. My complete Caddy config:
e. CRS version:
from crs-setup.conf:
tx.crs_setup_version=400