Coraza: Warning. #1270

prologic · 2025-01-04T06:52:23Z

prologic
Jan 4, 2025

I don't understand what's going on here.

I'm seeing this in the error logs of Caddy:

Coraza: Warning.

My rule looks like this:

SecRule REQUEST_HEADERS:Host "@streq foo.example.com" "deny,id:100,phase:3,log,status:403,msg:'Deprecated Service'"

There is clearly a disruptive action there of deny.

The only way I can get this rule to work is to remove or comment out the following from my config:

		Include @coraza.conf-recommended
		Include @crs-setup.conf.example
		Include @owasp_crs/*.conf

Answered by prologic

Finally figured this out.

The docs here and here say to do this:

   Include @coraza.conf-recommended
   Include @crs-setup.conf.example
   Include @owasp_crs/*.conf

However this (@coraza.conf-recommended) introduces the directive: SecRuleEngine DetectionOnly

🤦‍♂️

prologic · 2025-01-04T06:52:32Z

What am I doing wrong?

1 reply

Finally figured this out.

The docs here and here say to do this:

   Include @coraza.conf-recommended
   Include @crs-setup.conf.example
   Include @owasp_crs/*.conf

However this (@coraza.conf-recommended) introduces the directive: SecRuleEngine DetectionOnly

🤦‍♂️

Answer selected by prologic