Comments (9)
Any hint on how to obtain the right server name @mholt?
from coraza-caddy.
Any idea on how to continue? The problem is we are not filling ProcessConnection and that is the variable we are using to display the logs.
from coraza-caddy.
Am I right to assume that hostname will come from this line https://github.com/corazawaf/coraza-caddy/blob/main/http.go#L44 @M4tteoP ?
from coraza-caddy.
I think that around the hostname and server name we have to clarify the logic a bit and maybe still do some work around them:
Hostname
The hostname field of the error logs has been aligned with corazawaf/coraza#517 to the ModSecurity behavior. It means that we expect the field to be populated with the server IP. The latter is provided by the connector via ProcessConnection (func (tx *Transaction) ProcessConnection(client string, cPort int, server string, sPort int)). Currently, in the Caddy connector we are missing this last step, resulting in a hostname that is always empty.
Server name
corazawaf/coraza#572 is meant to fix the SERVER_NAME variable, which had never been populated and therefore never matched. For that purpose, we are providing SetServerName to the connectors, and we expect it to be populated with the Host header. That is the header provided as-is by the client, and the SERVER_NAME variable itself is indeed meant to be used to perform checks on it.
The discussion/actions we should take are:
- fix ProcessConnection in the Caddy connector, providing the server string. It could be the IP, or via some config providing a way to propagate the hostname that the coraza module is intercepting.
- Evolve the conversation we had in corazawaf/coraza#517, and take into account the idea of performing a name resolution to provide more meaningful values for the hostname field.
Thanks @TheForcer for raising it!
from coraza-caddy.
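The comment above describes two connector duties: feeding ProcessConnection with the client and server addresses, and feeding SetServerName with the Host header as the client sent it. The following Go snippet is an added illustration, not code from coraza-caddy or coraza. The Transaction interface and the Recorder type are constructed stand-ins for the two coraza transaction methods the thread names; a real connector would call them on a coraza transaction instead. The server side is taken from the local address net/http stores under http.LocalAddrContextKey, which is an assumption about how a connector obtains it, and the sample request values are constructed.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// Transaction is a hypothetical stand-in for the two coraza transaction
// methods discussed in the thread (ProcessConnection and SetServerName).
type Transaction interface {
	ProcessConnection(client string, cPort int, server string, sPort int)
	SetServerName(serverName string)
}

// ConnInfo holds the four values a connector passes to ProcessConnection.
type ConnInfo struct {
	Client string
	CPort  int
	Server string
	SPort  int
}

// splitAddr turns "host:port" (IPv4, bracketed IPv6, bare host or ":port")
// into its parts. A missing or unparsable port yields 0 instead of an error,
// so a listener bound to a bare address or only a port still gives a value.
func splitAddr(addr string) (string, int) {
	host, portStr, err := net.SplitHostPort(addr)
	if err != nil {
		// No port present: the whole string is the host; drop IPv6 brackets.
		return strings.Trim(addr, "[]"), 0
	}
	port, err := strconv.Atoi(portStr)
	if err != nil {
		port = 0
	}
	return host, port
}

// ConnectionInfo derives the ProcessConnection arguments from a request:
// the client side from RemoteAddr, the server side from the local address
// that net/http places in the request context (assumption: LocalAddrContextKey).
func ConnectionInfo(r *http.Request) ConnInfo {
	client, cPort := splitAddr(r.RemoteAddr)
	var server string
	var sPort int
	if la, ok := r.Context().Value(http.LocalAddrContextKey).(net.Addr); ok {
		server, sPort = splitAddr(la.String())
	}
	return ConnInfo{Client: client, CPort: cPort, Server: server, SPort: sPort}
}

// ServerName returns the Host header as the client sent it, minus any port,
// which is the value the thread proposes for SetServerName / SERVER_NAME.
// net/http already moves the Host header into r.Host for server requests.
func ServerName(r *http.Request) string {
	host, _ := splitAddr(r.Host)
	return host
}

// Populate performs the two calls the thread says the Caddy connector lacks.
func Populate(tx Transaction, r *http.Request) {
	ci := ConnectionInfo(r)
	tx.ProcessConnection(ci.Client, ci.CPort, ci.Server, ci.SPort)
	tx.SetServerName(ServerName(r))
}

// Recorder is a constructed Transaction that just records what it receives,
// standing in for a real coraza transaction in this example.
type Recorder struct {
	Conn       ConnInfo
	ServerName string
}

func (rc *Recorder) ProcessConnection(client string, cPort int, server string, sPort int) {
	rc.Conn = ConnInfo{Client: client, CPort: cPort, Server: server, SPort: sPort}
}

func (rc *Recorder) SetServerName(n string) { rc.ServerName = n }

func main() {
	// Constructed request: client 203.0.113.9:51234 hit listener 192.0.2.1:8443
	// with "Host: www.example.com:8443".
	r := httptest.NewRequest(http.MethodGet, "http://www.example.com:8443/login", nil)
	r.RemoteAddr = "203.0.113.9:51234"
	ctx := context.WithValue(r.Context(), http.LocalAddrContextKey,
		&net.TCPAddr{IP: net.ParseIP("192.0.2.1"), Port: 8443})
	rec := &Recorder{}
	Populate(rec, r.WithContext(ctx))
	fmt.Printf("%+v server_name=%q\n", rec.Conn, rec.ServerName)
}
```

With the server address filled in, the hostname field of the error log carries the listener IP as ModSecurity does, while SERVER_NAME carries the client-supplied Host value that rules can check; keeping the two separate avoids logging an attacker-controlled header where an address is expected.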
Are you talking about the user-given name of the server in the JSON config as keys here? https://caddyserver.com/docs/json/apps/http/servers/
from coraza-caddy.
Sometimes users might bind an IP address or just a port. We will have to cover all flanks.
from coraza-caddy.
FYI, related conversation ModSecurity side: owasp-modsecurity/ModSecurity#2906
from coraza-caddy.
I don't want to be this dude but are there any plans?
Afaik it's this line: https://github.com/corazawaf/coraza/blob/dc778126cf458b6a832ced0cffce077f1653147c/internal/corazarules/rule_match.go#L198
And I could create a PR with it being the host header if available.
But it looks like it's being blocked at a 'higher level'.
For me specifically it would be nice to have the hostname because we have a single WAF for multiple domains.
(And is also what we used to have with Apache)
from coraza-caddy.
Please give it a stab @ErazerBrecht
from coraza-caddy.