Broken redirection 301 changed to 200, resulting in white page #10
…ted by external contributor - corazawaf/coraza-caddy#10 will not be resolved
It seems that there is a secaction created. Maybe rules creating log events without interruptions are causing problems, I will review this. But could you confirm the presence of rule id 1? There are no default rules in coraza.
Thank you for your report
@jptosso I confirm presence of this rule - I was testing with and without it. You can see logs when it is present, and when it wasn't present there were no logs at all 🙂
Maybe this can be related to
I am also having this issue but with Laravel, I have been trying to find the reason for this for quite some time, do you have any more information regarding this?
I will replicate this issue today and get back to you all
@jptosso Do you need any help in reproducing this? :)
Sorry, I'm traveling right now, still, more details on how to replicate would be greatly appreciated, thank you. I think it could be related to reverse_proxy, Coraza does not alter status codes unless there is an error, but for some segmentation faults or golang errors it will panic without telling the logs.
Sorry to answer this late, but here are my results:
My Caddyfile:

```
{
	debug
	auto_https off
	order coraza_waf first
}
:8080 {
	coraza_waf {
		directives `
			SecRule REQUEST_URI "test5" "id:2, deny, log, phase:1,status:403"
			SecRule REQUEST_URI "test6" "id:4, deny, log, phase:3,status:403"
		`
	}
	header * x-request-id "{http.transaction_id}"
	reverse_proxy https://www.tosso.io {
		header_up Host "www.tosso.io"
		header_up X-Forwarded-Proto "https"
	}
}
```
Hi,
Wanted to configure a Wordpress instance secured by CORAZA Waf with CRS, started with just empty config to check if the reverse proxy is working, and it wasn't... 😄
So, that's the config:
On the http://127.0.0.1:8080/ there is a plain Wordpress installation on its own NGINX.

Scenarios:

coraza_waf -> it works

Actual response

Expected response (when coraza_waf block is disabled)
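
A status-preservation check for the symptom in this report (an upstream 301 reaching the client as 200), as an added example that is not part of the original thread and is not Coraza or coraza-caddy code. It uses Go's `net/http` reverse proxy instead of Caddy; `probe`, `identity`, `lossy`, `dropStatus` and the `/wp-admin` path are hypothetical names and constructed values, and `lossy` is a deliberately faulty wrapper included only to show what the check reports when a handler loses the status, not a claim about the cause of this issue.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// dropStatus is a constructed faulty wrapper (not Coraza code): it discards
// WriteHeader, so the first Write sends Go's default 200 instead of the 301.
type dropStatus struct{ http.ResponseWriter }

func (dropStatus) WriteHeader(int) {}

func lossy(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(dropStatus{w}, r)
	})
}

// identity leaves the handler chain untouched (the expected behaviour).
func identity(h http.Handler) http.Handler { return h }

// probe puts wrap() in front of a reverse proxy whose upstream always answers
// 301, and returns the status and Location the client actually receives.
func probe(wrap func(http.Handler) http.Handler) (int, string, error) {
	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/wp-admin/", http.StatusMovedPermanently) // constructed path
	}))
	defer upstream.Close()
	target, err := url.Parse(upstream.URL)
	if err != nil {
		return 0, "", err
	}
	front := httptest.NewServer(wrap(httputil.NewSingleHostReverseProxy(target)))
	defer front.Close()
	// Do not follow redirects: a followed 301 would also end in a 200.
	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse
	}}
	resp, err := client.Get(front.URL + "/wp-admin")
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("Location"), nil
}

func main() { fmt.Println(probe(identity)); fmt.Println(probe(lossy)) }
```

To test a real handler chain, pass it to `probe` in place of `identity` and compare the result with the direct-to-upstream response.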