provision http.handlers.waf: invalid WAF config from string: failed to readfile: invalid argument #185

Open
JKSTAFF opened this issue Dec 25, 2024 · 2 comments

JKSTAFF commented Dec 25, 2024

Pretty much the same issue as #58, but it happened on the latest Caddy (both bin and Docker) with coraza-caddy/v2.

Build parameter

xcaddy build --with github.com/corazawaf/coraza-caddy/v2

Dockerfile

FROM caddy:builder AS builder
RUN xcaddy build \
    --with github.com/corazawaf/coraza-caddy/v2
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

Caddyfile

{
    order coraza_waf first
    https_port 443

    admin off
    acme_dns cloudflare MY_API_KEY
}
*.mydomain.com {
    coraza_waf {
        load_owasp_crs
        directives `
            Include etc/caddy/rules/@coraza.conf-recommended
            Include /etc/caddy/rules/@crs-setup.conf.example
            Include /etc/caddy/rules/@owasp_crs/*.conf
        SecRuleEngine On
        `
    }
    @sub host sub.mydomain.com
    handle @hub {
        ## webport
        reverse_proxy 127.0.0.1:8080
    }
}

Rule files
Just right in the claimed /etc/caddy/rules

/etc/caddy/rules$ ls -l
-rw-r--r-- 1 admin admin  9511 Dec 23 22:29 @coraza.conf-recommended
-rw-r--r-- 1 admin admin 32548 Dec 23 22:29 @crs-setup.conf.example
drwxr-xr-x 2 admin admin  4096 Dec 23 22:29 @owasp_crs

jptosso (Member) commented Dec 25, 2024

        Include @coraza.conf-recommended
        Include @crs-setup.conf.example
        Include @owasp_crs/*.conf

Avoid using @ names as it is reserved for the local filesystem unless you want the default config files.
Coraza ships OWASP CRS by default.

JKSTAFF commented Dec 25, 2024

> Include @coraza.conf-recommended
> Include @crs-setup.conf.example
> Include @owasp_crs/*.conf
>
> Avoid using @ names as it is reserved for the local filesystem unless you want the default config files. Coraza ships OWASP CRS by default

Same invalid argument issue after renaming the rule files and folder to

        Include coraza.conf-recommended
        Include crs-setup.conf.example
        Include owasp_crs/*.conf

I don't get what "Coraza ships OWASP CRS by default" means, but all local rule files come from coraza-coreruleset.
