Comments (18)
Are these logs from Coraza? If so, why are all logs generated in /var/log/syslog and not in the route I specified?
Feb 6 19:47:04 lab caddy[585]: {"level":"error","ts":1675730824.3300385,"logger":"http.handlers.waf","msg":"[client "192.168.152.1"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/usr/share/caddy/waf/coreruleset/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within ARGS:name: carlos or 1=1"] [severity "critical"] [ver "OWASP_CRS/4.0.0-rc1"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?name=carlos%20or%201=1"] [unique_id "hEliunlRvPlEKAvH"]\n[client "192.168.152.1"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/usr/share/caddy/waf/coreruleset/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within ARGS:name: carlos or 1=1"] [severity "critical"] [ver "OWASP_CRS/4.0.0-rc1"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?name=carlos%20or%201=1"] [unique_id "hEliunlRvPlEKAvH"]\n[client "192.168.152.1"] Coraza: Warning. 
SQL Injection Attack Detected via libinjection [file "/usr/share/caddy/waf/coreruleset/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within ARGS:name: carlos or 1=1"] [severity "critical"] [ver "OWASP_CRS/4.0.0-rc1"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?name=carlos%20or%201=1"] [unique_id "hEliunlRvPlEKAvH"]\n[client "192.168.152.1"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/usr/share/caddy/waf/coreruleset/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within ARGS:name: carlos or 1=1"] [severity "critical"] [ver "OWASP_CRS/4.0.0-rc1"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?name=carlos%20or%201=1"] [unique_id "hEliunlRvPlEKAvH"]\n"}
Feb 6 19:47:04 lab caddy[585]: {"level":"error","ts":1675730824.3382945,"logger":"http.handlers.waf","msg":"[client "192.168.152.1"] Coraza: Warning. Inbound Anomaly Score Exceeded (Total Score: 20) [file "/usr/share/caddy/waf/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "0"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [data ""] [severity "emergency"] [ver "OWASP_CRS/4.0.0-rc1"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname ""] [uri "/?name=carlos%20or%201=1"] [unique_id "hEliunlRvPlEKAvH"]\n"}
from coraza-caddy.
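Added example, not part of the original thread or of coraza-caddy's code: a small parser for syslog lines like the ones quoted above. It keeps only lines from the `http.handlers.waf` logger, extracts the bracketed Coraza fields, and collapses entries repeated inside one `msg`. The sample lines are constructed by trimming the quoted ones, and the function name `parse_waf_events` is hypothetical.

```python
import re

# One bracketed Coraza field, e.g. [id "942100"]; quotes may be JSON-escaped (\").
FIELD = re.compile(r'\[(\w+) \\?"(.*?)\\?"\]')

# Constructed sample: the syslog lines quoted in the thread, with fields trimmed.
ENTRY = ('[client "192.168.152.1"] Coraza: Warning. SQL Injection Attack Detected '
         'via libinjection [id "942100"] [severity "critical"] [tag "attack-sqli"] '
         '[tag "OWASP_CRS"] [uri "/?name=carlos%20or%201=1"] '
         '[unique_id "hEliunlRvPlEKAvH"]\\n')
PREFIX = 'Feb 6 19:47:04 lab caddy[585]: {"level":"error","logger":"http.handlers.waf","msg":"'
SAMPLE = [
    PREFIX + ENTRY * 4 + '"}',
    PREFIX + '[client "192.168.152.1"] Coraza: Warning. Inbound Anomaly Score '
    'Exceeded (Total Score: 20) [id "949110"] [severity "emergency"] '
    '[tag "anomaly-evaluation"] [uri "/?name=carlos%20or%201=1"] '
    '[unique_id "hEliunlRvPlEKAvH"]\\n"}',
    'Feb 6 19:47:05 lab caddy[585]: {"level":"info","logger":"http.log.access","msg":"handled request"}',
]


def parse_waf_events(lines):
    """Return one dict per distinct (unique_id, rule id), counting repeated entries."""
    events = {}
    for line in lines:
        if '"logger":"http.handlers.waf"' not in line:
            continue  # not emitted by the Coraza handler
        # Each Coraza entry inside "msg" starts with [client "..."].
        for chunk in re.split(r'(?=\[client )', line):
            if 'Coraza:' not in chunk:
                continue
            fields, tags = {}, []
            for key, value in FIELD.findall(chunk):
                if key == 'tag':
                    tags.append(value)
                else:
                    fields[key] = value
            event_key = (fields.get('unique_id'), fields.get('id'))
            event = events.setdefault(event_key, {**fields, 'tags': tags, 'repeats': 0})
            event['repeats'] += 1
    return list(events.values())


if __name__ == '__main__':
    for e in parse_waf_events(SAMPLE):
        print(e['unique_id'], e['id'], e['severity'], e['uri'], f"x{e['repeats']}")
```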
@jptosso @jcchavezs Any inputs here?
from coraza-caddy.
@jcchavezs @jptosso ping.
from coraza-caddy.
@jcchavezs @jptosso ping 2.
from coraza-caddy.
We completely rewrote the connector. Do you mind testing again with the latest commit? At least the debug logging should be working fine. Audit we will tackle soon.
from coraza-caddy.
Hello @jcchavezs, when I try to update Caddy it takes v1.2.2. Is this the final version of coraza-caddy? Won't it be 1.2.3?
"SecAuditLogDir /var/log/audit_coraza.log" provision http.handlers.waf: invalid WAF config: open /var/log/audit_coraza.log: permission denied
Same error.
from coraza-caddy.
The version with the rewritten connector is not yet tagged; you should be able to try it pointing directly to the commit (34daaf87f9ddaca2833461de59ebada21c902598).
from coraza-caddy.
Hello @M4tteoP, when I used xcaddy with build 34daaf8 I got an "invalid" error:
go: github.com/caddyserver/caddy/v2@34daaf87f9ddaca2833461de59ebada21c902598: invalid version: unknown revision 34daaf8
I used xcaddy build 34daaf8 --with github.com/corazawaf/coraza-caddy
from coraza-caddy.
The right syntax should be this one: xcaddy build --with github.com/corazawaf/coraza-caddy@34daaf87f9ddaca2833461de59ebada21c902598
In your attempt, you are trying to use the commit like it was a caddy commit, not a coraza-caddy one.
Edit: oops, JC has been faster :3
from coraza-caddy.
Hello @M4tteoP @jcchavezs
You are right, I can compile using xcaddy build --with github....coraza-caddy@build_hash
But now the error has changed and I get an error with the CRS loaded.
["/usr/share/caddy/waf/coreruleset/rules/REQUEST-901-INITIALIZATION.conf","/usr/share/caddy/waf/coreruleset/rules/]
from coraza-caddy.
Unfortunately this is an issue with the file system, as it does not like absolute paths. I tried different approaches and ended up creating my own library for merging filesystems because the existing ones had some opinions.
This is the same issue as in jcchavezs/coraza-httpbin#4 (comment), which I will fix as soon as I finish testing the new merge library.
from coraza-caddy.
@jcchavezs I would remove your coreruleset library from coraza-caddy until it is fixed. It's not such an important feature for the connector, and it's not even documented
from coraza-caddy.
Yeah I will remove that. And reassess the os filesystem.
from coraza-caddy.
@carlos-herrer please do try this branch #52
from coraza-caddy.
Hello @jcchavezs, I got the same permission denied error.
With "SecDebugLog /var/log/coraza/coraza.log" and "SexDebugLogLevel 6" I got invalid syntax.
And if I use the audit log "SecAuditLogDir /var/log/audit/audit_coraza.log", it generates a permission error.
from coraza-caddy.
Hey there,
any updates on this? Still can't get logs working for coraza.
from coraza-caddy.