github.com/nvdg2/coraza-daddy
OWASP Coraza Caddy Module provides Web Application Firewall capabilities for Caddy.
OWASP Coraza WAF is 100% compatible with OWASP Coreruleset and Modsecurity syntax.
go run mage.go -l lists all the available commands:
▶ go run mage.go -l
Targets:
  buildCaddy        builds the plugin.
  buildCaddyLinux   builds the plugin with GOOS=linux.
  buildExample      builds the example deployment.
  check             runs lint and tests.
  coverage          runs tests with coverage and race detector enabled.
  doc               runs godoc, access at http://localhost:6060
  e2e               runs e2e tests with a built plugin against the example deployment.
  format            formats code in this repository.
  ftw               runs CRS regressions tests.
  lint              verifies code quality.
  precommit         installs a git hook to run check when committing
  reloadExample     reload the test environment.
  runExample        spins up the test environment, access at http://localhost:8080.
  teardownExample   tears down the test environment.
  test              runs all tests.
coraza_waf {
    directives `
        Include /path/to/config.conf
        SecAction "id:1,pass,log"
    `
}
Sample usage:
Important: order coraza_waf first must always be included in your Caddyfile for the Coraza module to work.
{
    order coraza_waf first
}
http://127.0.0.1:8080 {
    coraza_waf {
        directives `
            SecAction "id:1,pass,log"
            SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
            SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
            Include file1.conf
            Include file2.conf
            Include /some/path/*.conf
        `
    }
    reverse_proxy http://192.168.1.15:8080
}
Run:
xcaddy build --with github.com/nvdg2/coraza-daddy
You may run the test suite by executing:
go run mage.go test
You can load OWASP CRS by passing the field load_owasp_crs and then loading the CRS files in the directives, as described in the coraza-coreruleset documentation.
:8080 {
    coraza_waf {
        load_owasp_crs
        directives `
            Include @coraza.conf-recommended
            Include @crs-setup.conf.example
            Include @owasp_crs/*.conf
            SecRuleEngine On
        `
    }
    reverse_proxy httpbin:8081
}
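A pre-deployment check for three things this README's configurations rely on (the global order coraza_waf first, load_owasp_crs alongside @-prefixed includes, and the explicit SecRuleEngine On in the CRS example), as an added example that is not part of the module's code. LintCaddyfile and its messages are hypothetical names, and the DetectionOnly check assumes that @coraza.conf-recommended sets SecRuleEngine DetectionOnly, which the page does not state.

```go
package main

import "fmt"
import "strings"

// LintCaddyfile flags Coraza setup mistakes; it assumes the page's block layout.
func LintCaddyfile(src string) (out []string) {
	var ordered, usesWAF, inWAF, inDir, loadCRS, atInc, detectOnly bool
	for _, raw := range strings.Split(src, "\n") {
		f := strings.Fields(raw)
		if len(f) == 0 || strings.HasPrefix(f[0], "#") {
			continue
		}
		switch line := strings.Join(f, " "); {
		case inDir && line == "`": // end of the SecLang text
			inDir = false
		case inDir && len(f) == 2 && f[0] == "Include" && f[1][0] == '@':
			atInc = true // embedded CRS file; needs load_owasp_crs
			// Assumption: this file sets SecRuleEngine DetectionOnly.
			detectOnly = detectOnly || f[1] == "@coraza.conf-recommended"
		case inDir && line == "SecRuleEngine On":
			detectOnly = false
		case inDir: // any other SecLang line
		case line == "order coraza_waf first": // presence only, placement not checked
			ordered = true
		case line == "coraza_waf {":
			usesWAF, inWAF, loadCRS, atInc, detectOnly = true, true, false, false, false
		case inWAF && line == "load_owasp_crs":
			loadCRS = true
		case inWAF && line == "directives `":
			inDir = true
		case inWAF && line == "}": // end of one coraza_waf block: report on it
			inWAF = false
			if atInc && !loadCRS {
				out = append(out, "@ include without load_owasp_crs")
			}
			if detectOnly {
				out = append(out, "no SecRuleEngine On after @coraza.conf-recommended")
			}
		}
	}
	if usesWAF && !ordered {
		out = append(out, "missing global option: order coraza_waf first")
	}
	return out
}

// Constructed sample that fails all three checks.
const sample = ":8080 {\ncoraza_waf {\ndirectives `\nInclude @owasp_crs/*.conf\nInclude @coraza.conf-recommended\n`\n}\n}\n"

func main() { fmt.Println(strings.Join(LintCaddyfile(sample), "\n")) }
```

Directive order matters for the last check: a SecRuleEngine On placed before the Include of @coraza.conf-recommended is still reported.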
go run mage.go buildExample runExample
curl -i localhost:8080/
# in terminal 1
go run github.com/mccutchen/go-httpbin/v2/cmd/go-httpbin@v2.9.0 -port 8081
# in terminal 2
go run mage.go buildCaddy
./build/caddy run --config example/Caddyfile --adapter caddyfile
# in terminal 3
curl -i localhost:8080/