docs: update docs to rewrite
fionera committed Feb 18, 2024
1 parent da3f321 commit e2682c7
Showing 1 changed file with 9 additions and 13 deletions.
22 changes: 9 additions & 13 deletions README.md
Expand Up @@ -14,27 +14,23 @@ HAProxy includes a [Stream Processing Offload Engine](https://www.haproxy.com/bl

### Build

The command `make` will compile the source code and produce the executable file `coraza-spoa`.

### Clean

When you need to re-compile the source code, you can use the command `make clean` to clean the executable file.
The command `go run mage.go build` will compile the source code and produce the executable file `coraza-spoa`.

## Configuration

## Coraza SPOA

The example configuration file is [config.yaml.default](https://github.com/corazawaf/coraza-spoa/blob/main/config.yaml.default), you can copy it and modify the related configuration information. You can start the service by running the command:
The example configuration file is [examples/coraza-spoa.yaml](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza-spoa.yaml), you can copy it and modify the related configuration information. You can start the service by running the command:

```
coraza-spoa -f /etc/coraza-spoa/coraza.yaml
coraza-spoa -f /etc/coraza-spoa/coraza-spoa.yaml
```

You will also want to download & extract the [OWASP Core Ruleset]( https://github.com/coreruleset/coreruleset/releases) (version 4+ supported) to the `/etc/coraza-spoa` directory.

## HAProxy SPOE

Configure HAProxy to exchange messages with the SPOA. The example SPOE configuration file is [coraza.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/doc/config/coraza.cfg), you can copy it and modify the related configuration information. Default directory to place the config is `/etc/haproxy/coraza.cfg`.
Configure HAProxy to exchange messages with the SPOA. The example SPOE configuration file is [coraza.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg), you can copy it and modify the related configuration information. Default directory to place the config is `/etc/haproxy/coraza.cfg`.

```ini
# /etc/haproxy/coraza.cfg
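Review bot: The "Coraza SPOA" paragraph says to copy `examples/coraza-spoa.yaml` and modify it, but it never says where the copy should go, while the start command directly below reads `/etc/coraza-spoa/coraza-spoa.yaml`; name that path as the copy destination so the two lines agree. The "Clean" section is removed without a replacement, so if the mage build still has a clean step, it deserves one line under "Build". The unchanged OWASP Core Ruleset link also has a stray space after the opening parenthesis (`]( https://`), which could be fixed while this paragraph is being touched.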
Expand All @@ -47,7 +43,7 @@ spoe-message coraza-req
event on-frontend-http-request
```

The application name from `config.yaml` must match the `app=` name, or the `default_application` will be used.
The application name from `config.yaml` must match the `app=` name.

The backend defined in `use-backend` must match a `haproxy.cfg` backend which directs requests to the SPOA daemon reachable via `127.0.0.1:9000`.

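Review bot: The rewritten sentence still names `config.yaml`, although the same commit renames the example file to `examples/coraza-spoa.yaml` and the start command to `/etc/coraza-spoa/coraza-spoa.yaml`; update the file name here as well. With the `default_application` fallback dropped from the text, the sentence no longer says what happens to a request whose `app=` name matches no configured application. For a WAF that outcome is worth stating explicitly (request rejected, or passed without inspection).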
Expand All @@ -70,12 +66,12 @@ backend coraza-spoa
server s1 127.0.0.1:9000
```

A comprehensive HAProxy configuration example can be found in [docs/config/haproxy.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/doc/config/coraza.cfg).
A comprehensive HAProxy configuration example can be found in [examples/haproxy.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg).

Because, in the SPOE configuration file (coraza.cfg), we declare to use the backend [coraza-spoa](https://github.com/corazawaf/coraza-spoa/blob/88b4e54ab3ddcb58d946ed1d6389eff73745575b/doc/config/coraza.cfg#L14) to communicate with the service, so we need also to define it in the [HAProxy file](https://github.com/corazawaf/coraza-spoa/blob/dd5eb86d1e9abbdd5fe568249f36a6d85257eba7/doc/config/haproxy.cfg#L37):
Because, in the SPOE configuration file (coraza.cfg), we declare to use the backend [coraza-spoa](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg#L14) to communicate with the service, so we need also to define it in the [HAProxy file](https://github.com/corazawaf/coraza-spoa/blob/main/examples/haproxy.cfg#L37):

## Docker

- Build the coraza-spoa image `docker-compose build`
- Run haproxy, coraza-spoa and a mock server `docker-compose up`
- Build the coraza-spoa image `docker compose build`
- Run haproxy, coraza-spoa and a mock server `docker compose up`
- Perform a request which gets blocked by the WAF: `curl http://localhost:4000/\?x\=/etc/passwd`
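Review bot: On the "comprehensive HAProxy configuration example" line the link text now reads `examples/haproxy.cfg` but the URL still ends in `examples/coraza.cfg`, so the link opens the SPOE file instead of the HAProxy one; point it at `examples/haproxy.cfg`. The two links in the following sentence moved from commit-pinned URLs to `main` while keeping the `#L14` and `#L37` anchors, which will drift as those files change; drop the line anchors or keep a pinned commit. That sentence also ends in a colon with nothing after it before the "Docker" heading.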
