Comments (8)
I will replicate this issue today and get back to you all
from coraza-caddy.
Sorry, I'm traveling right now; still, more details on how to replicate would be greatly appreciated. Thank you.
I think it could be related to reverse_proxy. Coraza does not alter status codes unless there is an error, but for some segmentation faults or Go errors it will panic without writing anything to the logs.
It seems that there is a SecAction created. Maybe rules creating log events without interruptions are causing problems; I will review this. But could you confirm the presence of rule id 1? There are no default rules in Coraza.
SecAction id:1,pass,log
Thank you for your report
@jptosso I confirm presence of this rule - I was testing with and without it. You can see logs when it is present, and when it wasn't present there were no logs at all 🙂
Maybe this can be related to reverse_proxy somehow? I haven't tested it yet with, for example, the FastCGI handler.
I am also having this issue, but with Laravel. I have been trying to find the reason for this for quite some time; do you have any more information regarding this?
@jptosso Do you need any help in reproducing this? :)
Sorry to answer this late, but here are my results:
➜ coraza-otelcol curl http://127.0.0.1:8080/wp-admin -v
* Trying 127.0.0.1:8080...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /wp-admin HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Content-Length: 315
< Content-Type: text/html; charset=iso-8859-1
< Date: Mon, 25 Jul 2022 20:00:14 GMT
< Location: http://www.tosso.io/wp-admin/
< Server: Caddy
< Server: Caddy
< Server: Apache/2.4.53 (Debian)
< X-Request-Id: bohChMfrpl4muTisGg3
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.tosso.io/wp-admin/">here</a>.</p>
<hr>
<address>Apache/2.4.53 (Debian) Server at www.tosso.io Port 80</address>
</body></html>
* Connection #0 to host 127.0.0.1 left intact
My Caddyfile:
{
	debug
	auto_https off
	order coraza_waf first
}

:8080 {
	coraza_waf {
		directives `
			SecRule REQUEST_URI "test5" "id:2, deny, log, phase:1,status:403"
			SecRule REQUEST_URI "test6" "id:4, deny, log, phase:3,status:403"
		`
	}
	header * x-request-id "{http.transaction_id}"
	reverse_proxy https://www.tosso.io {
		header_up Host "www.tosso.io"
		header_up X-Forwarded-Proto "https"
	}
}
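The thread above turns on where a rule acts relative to reverse_proxy: a phase:1 deny answers before the upstream is contacted, a phase:3 deny has to replace an upstream response that already exists (the 301 in the curl output), and a pass,log rule such as `SecAction id:1,pass,log` must leave the upstream status untouched. The Go program below is an added illustration of that ordering, written for this page; it is not Coraza's rule engine nor coraza-caddy's code. Its `Rule` type is a toy that only inspects REQUEST_URI, the upstream is a constructed httptest server that always redirects, and the host name `upstream.example` is made up. It uses only the standard library, so it runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"regexp"
)

// Rule is a toy stand-in for a SecRule/SecAction that only inspects REQUEST_URI.
// Added illustration; not Coraza's rule engine.
type Rule struct {
	ID      int
	Phase   int            // 1 = request headers, 3 = response headers
	Pattern *regexp.Regexp // nil means "always matches" (a SecAction)
	Deny    bool           // false models "pass,log"
	Status  int            // status sent when Deny is true
}

// interruption carries a denying phase-3 rule out of ModifyResponse so the
// proxy's ErrorHandler can answer with the rule's status instead of 502.
type interruption struct{ rule Rule }

func (i interruption) Error() string { return fmt.Sprintf("rule %d interrupted", i.rule.ID) }

// WAF evaluates rules around an inner handler (here a reverse proxy).
type WAF struct {
	Rules []Rule
	Logs  []string // one line per matched rule, denying or not
	Next  http.Handler
}

// match logs every matching rule of the phase and returns the first denying one.
func (w *WAF) match(phase int, uri string) (Rule, bool) {
	for _, r := range w.Rules {
		if r.Phase != phase || (r.Pattern != nil && !r.Pattern.MatchString(uri)) {
			continue
		}
		w.Logs = append(w.Logs, fmt.Sprintf("phase %d: rule %d matched %q", phase, r.ID, uri))
		if r.Deny {
			return r, true
		}
	}
	return Rule{}, false
}

// ServeHTTP runs phase 1 before the upstream is contacted: a pass,log rule
// leaves the upstream's status untouched, a deny short-circuits.
func (w *WAF) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
	if r, ok := w.match(1, req.RequestURI); ok {
		http.Error(rw, "Forbidden", r.Status)
		return
	}
	w.Next.ServeHTTP(rw, req)
}

// Proxy hooks phase 3 into ModifyResponse, where the upstream's headers (its
// 301, for instance) are visible and the response can still be replaced.
func (w *WAF) Proxy(upstream *url.URL) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(upstream)
	p.ModifyResponse = func(resp *http.Response) error {
		if r, ok := w.match(3, resp.Request.URL.RequestURI()); ok {
			return interruption{r} // ReverseProxy closes the body and calls ErrorHandler
		}
		return nil
	}
	p.ErrorHandler = func(rw http.ResponseWriter, _ *http.Request, err error) {
		if in, ok := err.(interruption); ok {
			http.Error(rw, "Forbidden", in.rule.Status)
			return
		}
		http.Error(rw, err.Error(), http.StatusBadGateway)
	}
	return p
}

// Scenario replays the thread's cases against a constructed upstream that always
// answers 301 and returns the status each client request saw plus the WAF log.
func Scenario() (map[string]int, []string) {
	upstream := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		http.Redirect(rw, r, "http://upstream.example"+r.URL.Path+"/", http.StatusMovedPermanently)
	}))
	defer upstream.Close()
	u, _ := url.Parse(upstream.URL)

	waf := &WAF{Rules: []Rule{
		{ID: 1, Phase: 1},                                                                 // SecAction id:1,pass,log
		{ID: 2, Phase: 1, Pattern: regexp.MustCompile(`test5`), Deny: true, Status: 403}, // id:2 phase:1 deny
		{ID: 4, Phase: 3, Pattern: regexp.MustCompile(`test6`), Deny: true, Status: 403}, // id:4 phase:3 deny
	}}
	waf.Next = waf.Proxy(u)

	seen := map[string]int{}
	for _, path := range []string{"/wp-admin", "/test5", "/test6"} {
		rec := httptest.NewRecorder()
		waf.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
		seen[path] = rec.Code
	}
	return seen, waf.Logs
}

func main() {
	seen, logs := Scenario()
	fmt.Println(seen, logs) // /wp-admin keeps the upstream 301; /test5 and /test6 get 403
}
```

Run with `go run .`: /wp-admin matches only the unconditional pass,log rule, so the upstream's 301 is forwarded unchanged while a log line is still produced; /test5 is denied in phase 1 and never reaches the upstream; /test6 reaches the upstream and its 301 is replaced by 403 in phase 3. This is the behaviour the Caddyfile in the report is configured for, and the curl request in the report (/wp-admin) matches neither deny rule, which is consistent with the 301 it received.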