go-ftw configurations for coraza logging
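---
# go-ftw configuration for running the CRS regression suite against
# Coraza behind Caddy. For the Caddy side see the next file, Caddyfile.
# Just type: go-ftw run -d ./coreruleset/tests/regression --config .ftw.yaml

# Log file go-ftw reads to decide whether a rule fired. This must be the same
# path the Caddyfile writes to ("output file"), otherwise no test can match.
logfile: '/some/path/to/log.log'

logtype:
  name: 'apache'
  # Extracts the bracketed timestamp from each log line. It has to agree with
  # the time_format set in the Caddyfile log block.
  # The month class is [A-Z]; the range [A-z] also matches the punctuation
  # that sits between 'Z' and 'a' in ASCII ([ \ ] ^ _ and the backtick).
  timeregex: '\[([A-Z][a-z]{2} [A-Z][a-z]{2} \d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2}\.\d+? \d{4})\]'
  timeformat: 'ddd MMM DD HH:mm:ss.S YYYY'

testoverride:
  # Map of test id -> reason. Every entry here is a regression test that this
  # run does not count, so the matching rule behaviour is NOT verified on this
  # stack. Keep the list as short as possible and re-check it whenever Caddy,
  # Coraza or the rule set is upgraded; a stale entry can hide a real
  # detection gap.
  ignore:
    # Per the reasons given, these requests carry a URL that is rejected
    # before the rule under test can be observed.
    '920181-1': 'Invalid URL, Coraza stops this.'
    '942490-17': 'Invalid URL, Coraza stops this.'
    '942260-17': 'Invalid URL, Coraza stops this.'
    '942260-6': 'Invalid URL, Coraza stops this.'
    '942150-6': 'Invalid URL, Coraza stops this.'
    '920240-1': 'Invalid URL, Coraza stops this.'
    '920240-5': 'Invalid URL, Coraza stops this.'
    '920240-6': 'Invalid URL, Coraza stops this.'
    '941130-11': 'Invalid URL, Coraza stops this.'
    '941130-2': 'Invalid URL, Coraza stops this.'
    '941130-4': 'Invalid URL, Coraza stops this.'
    '941130-6': 'Invalid URL, Coraza stops this.'
    '941130-9': 'Invalid URL, Coraza stops this.'
    '941130-10': 'Invalid URL, Coraza stops this.'
    '941130-12': 'Invalid URL, Coraza stops this.'
    '941130-14': 'Invalid URL, Coraza stops this.'
    '941130-16': 'Invalid URL, Coraza stops this.'
    '921150-1': 'Invalid URL, Coraza stops this.'
    '921160-1': 'Invalid URL, Coraza stops this.'
    '941110-6': 'Invalid URL, Coraza stops this.'
    '942100-10': 'Invalid URL, Coraza stops this.'
    '932140-3': 'Invalid URL, Coraza stops this.'
    '941280-2': 'Invalid URL, Coraza stops this.'
    '942100-13': 'Invalid URL, Coraza stops this.'
    # Attributed by the author to the rule, to escaping or to body parsing
    # rather than to the web server.
    '920120-4': 'Rule bug'
    '920120-6': 'Rule bug'
    '920120-7': 'Rule bug'
    '920460-1': 'Quadruple backslash issue'
    '941330-1': 'Quadruple backslash issue'
    '920460-2': 'Quadruple backslash issue'
    '920460-3': 'Quadruple backslash issue'
    '920460-4': 'Quadruple backslash issue'
    '932180-2': 'Bad multipart'
    # Caddy handles or rejects these requests itself, so the WAF either never
    # sees them or sees them in a different form than the test expects.
    '920100-4': 'Method connect is not valid for caddy'
    '920100-5': 'Method connect is not valid for caddy'
    '920100-8': 'Caddy doesnt respond to errors like apache'
    '920170-3': 'Caddy doesnt accept HEAD payloads'
    '920171-2': 'Caddy hides transfer-encoding from Coraza on file_server mode'
    '920171-3': 'Caddy hides transfer-encoding from Coraza on file_server mode'
    '920270-4': 'Caddy ignores the nullbyte'
    '920272-5': 'Caddy can handle that invalid encoding'
    '920280-3': 'Caddy returns error 505 instead'
    '920290-1': 'Caddy ignores an empty host'
    '920420-8': 'Caddy does not accept thatinvalid content-type'
    '920430-3': 'Caddy returns error 505 instead'
    '920430-5': 'Caddy will close the connection on close and return 400'
    '920430-8': 'HTTP/3 is unsupported by caddy'
    '920430-9': 'HTTP/0.8 is unsupported by caddy'
    # Marked temporary by the author: remove once the test framework can
    # express these cases.
    '953120-0': 'Temporary, this works but the testing framework does not support it yet.'
    '953120-2': 'Temporary, this works but the testing framework does not support it yet.'
    '953120-4': 'Temporary, this works but the testing framework does not support it yet.'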
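# Run this by using caddy run -adapter caddyfile -config ./Caddyfile
#
# Test harness only: plain HTTP on :80, a static response and a WAF that
# logs but never blocks. Do not reuse this file to protect a real site.
{
    # No certificate management and no HTTP->HTTPS redirect; the test client
    # talks plain HTTP to the listener below.
    auto_https off
    # Run the WAF handler before every other handler in the chain.
    order coraza_waf first
    log {
        format console {
            # Must stay in sync with timeregex/timeformat in .ftw.yaml.
            time_format "[Mon Jan 02 15:04:05.000000 2006]"
        }
        # Same path as "logfile" in .ftw.yaml.
        output file /some/path/to/log.log
    }
}

:80 {
    coraza_waf {
        # Rule 900005 configures the rule set for the regression run:
        #   - ruleEngine=DetectionOnly: matches are logged, nothing is blocked
        #   - ruleRemoveById=910000: that rule is dropped for the run
        #   - paranoia_level=4 plus the size and count limits the tests expect
        # The closing double quote after the last setvar terminates the
        # action list opened on the SecAction line.
        directives `
            SecAction "id:900005,\
                phase:1,\
                nolog,\
                pass,\
                ctl:ruleEngine=DetectionOnly,\
                ctl:ruleRemoveById=910000,\
                setvar:tx.paranoia_level=4,\
                setvar:tx.crs_validate_utf8_encoding=1,\
                setvar:tx.arg_name_length=100,\
                setvar:tx.arg_length=400,\
                setvar:tx.total_arg_length=64000,\
                setvar:tx.max_num_args=255,\
                setvar:tx.combined_file_sizes=65535"
        `
        # Paths are relative; the command in the header comment is run from
        # the directory holding this file. crs-setup.conf.example is the
        # unmodified CRS sample setup, which is fine for tests but should be
        # reviewed before any production use.
        include ./coraza.conf-recommended
        include ./coreruleset/crs-setup.conf.example
        include ./coreruleset/rules/*.conf
    }
    # Every request gets the same static body.
    respond "ok"
}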