no rule trigger #782
Replies: 2 comments 2 replies
-
It appears to me the engine is in detection only
https://github.com/corazawaf/coraza/blob/v3/dev/coraza.conf-recommended#L7
On Tue, 2 May 2023, 15:50 Paul Dessemond wrote:
I have set up an nginx(lua) container that redirects requests to another
coraza(go) container. Everything seems to be working fine, but I am unable
to trigger the coraza rules. No matter if the request is malicious, coraza
returns a 200 status. However, coraza has access to the variables and CRS.
Thank you for any help.
Here is my main.go; it's from https://github.com/LaurenceJJones/coraza-nginx-lua/blob/main/corazaaccess/main.go:
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"

	"github.com/corazawaf/coraza/v3"
	"github.com/corazawaf/coraza/v3/types"
)

const (
	httpStatusBlocked int = 403
	httpStatusError   int = 401
)

func main() {
	waf, err := coraza.NewWAF(
		coraza.NewWAFConfig().
			WithRequestBodyAccess(coraza.NewRequestBodyConfig().WithInMemoryLimit(1000)).
			WithDirectivesFromFile("coraza.conf").
			WithDirectivesFromFile("coreruleset/crs-setup.conf").
			WithDirectivesFromFile("coreruleset/rules/*.conf"),
	)
	if err != nil {
		panic(err)
	}
	fmt.Println("Starting POC")
	if err := http.ListenAndServe(":8090", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		body, err := io.ReadAll(r.Body)
		if err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			return
		}
		var data map[string]interface{}
		if err := json.Unmarshal(body, &data); err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		// The id is set by the lua side; reject the request when it is missing
		// instead of panicking on a failed type assertion.
		id, ok := data["X-Coraza-ID"].(string)
		if !ok || id == "" {
			http.Error(w, "missing X-Coraza-ID", http.StatusBadRequest)
			return
		}
		tx := waf.NewTransactionWithID(id)
		defer func() {
			tx.ProcessLogging()
			tx.Close()
		}()
		// Add the id to the response sent back to bunkerweb.
		w.Header().Set("X-Coraza-Id", id)
		if it, err := processRequest(tx, data); err != nil {
			http.Error(w, err.Error(), httpStatusError)
			fmt.Println("Request error:", err)
		} else if it != nil {
			w.WriteHeader(httpStatusBlocked)
			fmt.Fprint(w, it.RuleID)
			fmt.Println("Request blocked")
		} else if _, err := w.Write([]byte("ok")); err != nil {
			fmt.Println(err)
			fmt.Println("Response error")
			return
		}
		fmt.Printf("\nTransaction %s ok\n", id)
	})); err != nil {
		panic(err)
	}
}

// processRequest feeds the connection, URI, headers and body forwarded by the
// lua side into the transaction and returns the first interruption, if any.
func processRequest(tx types.Transaction, data map[string]interface{}) (*types.Interruption, error) {
	client, ok := data["X-Coraza-IP"].(string)
	if !ok || client == "" {
		return nil, errors.New("missing X-Coraza-IP")
	}
	// The client port is not forwarded by the lua side, so it is reported as 0.
	cport := 0
	fmt.Printf("main.go connection inspect \n")
	tx.ProcessConnection(client, cport, "", 0)

	uri, ok := data["X-Coraza-URI"].(string)
	if !ok {
		return nil, errors.New("missing X-Coraza-URI")
	}
	method, ok := data["X-Coraza-MET"].(string)
	if !ok {
		return nil, errors.New("missing X-Coraza-MET")
	}
	fmt.Printf("main.go uri inspect \n")
	// "http" by default, since bunkerweb already does that job; otherwise a variable would be added on the lua side.
	tx.ProcessURI(uri, method, "http")

	if headersMap, ok := data["X-Coraza-HEAD"].(map[string]interface{}); ok {
		for key, val := range headersMap {
			// Convert the value to a string if possible, otherwise skip this header.
			strVal, ok := val.(string)
			if !ok {
				continue
			}
			tx.AddRequestHeader(key, strVal)
		}
	}
	fmt.Printf("main.go header inspect \n")
	if in := tx.ProcessRequestHeaders(); in != nil {
		fmt.Printf("header triggered \n")
		return in, nil
	}

	// Feed the forwarded body (assumed to arrive as a string) into the
	// transaction with WriteRequestBody so that body rules have something to
	// inspect; obtaining RequestBodyReader alone does not write anything.
	// WriteRequestBody may itself interrupt (e.g. on a body limit action).
	if body, ok := data["X-Coraza-BODY"].(string); ok && body != "" {
		fmt.Printf("main.go body inspect \n")
		if in, _, err := tx.WriteRequestBody([]byte(body)); err != nil {
			return nil, err
		} else if in != nil {
			return in, nil
		}
	}
	return tx.ProcessRequestBody()
}
Answer selected by gin-gitaxias
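The answer above points at line 7 of coraza.conf-recommended, which ships as `SecRuleEngine DetectionOnly`: in that mode rules still match and are logged, but no transaction is ever interrupted, so a handler like the one in the question always ends in its "ok" branch. The script below is an added example, not code from this thread or from the Coraza project; it reports the effective SecRuleEngine mode of a config file (last active directive wins, commented-out lines ignored), says whether that mode enforces, and switches the file to blocking mode while keeping a backup. The sample config and file names are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Coraza project.
# Checks and fixes the SecRuleEngine mode of a Coraza config file.
# The sample config and all file names are constructed for this example.

# rule_engine_mode FILE
# Print the effective SecRuleEngine value. Directives are read top to
# bottom and the last active one wins; lines commented out with '#' are
# ignored. Prints "unset" when the file has no such directive.
rule_engine_mode() {
    mode=$(grep -iE '^[[:space:]]*SecRuleEngine[[:space:]]+' "$1" | tail -n 1 | awk '{print $2}')
    [ -n "$mode" ] && echo "$mode" || echo unset
}

# engine_blocks MODE
# Succeed (exit 0) only when MODE makes a matching deny rule interrupt
# the transaction: "On" enforces, "DetectionOnly" only logs the match and
# "Off" skips rule evaluation entirely.
engine_blocks() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        on) return 0 ;;
        *)  return 1 ;;
    esac
}

# set_rule_engine_on FILE
# Rewrite every active SecRuleEngine directive in FILE to "On", keeping a
# FILE.bak copy so the change can be diffed before the WAF is restarted.
set_rule_engine_on() {
    cp "$1" "$1.bak"
    sed -E 's/^([[:space:]]*[Ss][Ee][Cc][Rr][Uu][Ll][Ee][Ee][Nn][Gg][Ii][Nn][Ee][[:space:]]+)[A-Za-z]+/\1On/' \
        "$1.bak" > "$1"
}

# make_sample_conf FILE
# Write a constructed config in the shape of coraza.conf-recommended: a
# commented-out "On" line followed by the shipped DetectionOnly default.
make_sample_conf() {
    cat > "$1" <<'EOF'
# -- Rule engine initialization ---------------------------------------
# Detection-only to start with: rules are logged but never enforced.
# SecRuleEngine On
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
EOF
}

# Run the check and the fix on the sample config and report the mode
# before and after (prints: before=DetectionOnly after=On).
demo() {
    f=$(mktemp)
    make_sample_conf "$f"
    before=$(rule_engine_mode "$f")
    set_rule_engine_on "$f"
    after=$(rule_engine_mode "$f")
    rm -f "$f" "$f.bak"
    echo "before=$before after=$after"
}

demo
```

Run `rule_engine_mode coraza.conf` against the real file before chasing rule logic: if it prints `DetectionOnly`, matched rules show up in the audit log but `ProcessRequestHeaders` and `ProcessRequestBody` never return an interruption, which is exactly the "always 200" symptom reported above.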
-
I wonder about this setup. Is it mainly a PoC, or do you wait for coraza to
reply and forward that response downstream? In that case, would you
consider something like caddy with coraza?
On Tue, 2 May 2023, 17:08 Paul Dessemond wrote:
Closed #782 as resolved.