GithubHelp home page GithubHelp logo

nullisnot0 / coraza-spoa Goto Github PK

View Code? Open in Web Editor NEW

This project forked from corazawaf/coraza-spoa

0.0 1.0 0.0 118 KB

A wrapper around the OWASP Coraza WAF for use with HAProxy's SPOE filtering

License: Apache License 2.0

Shell 25.39% Go 63.26% Makefile 4.55% Dockerfile 6.80%

coraza-spoa's Introduction

Owasp Coraza Haproxy

Code Linting CodeQL Scanning

Overview

This is a third-party daemon that connects to SPOE. It sends the request and response sent by HAProxy to OWASP Coraza and returns the verdict.

Compilation

Build

The command make will compile the source code and produce the executable file coraza-spoa.

Clean

When you need to re-compile the source code, you can use the command make clean to clean the executable file.

Configuration file

The example configuration file is config.yaml.default, you can copy it and modify the related configuration information.

Start the service

After you have compiled it, you can start the service by running the command ./coraza-spoa.

$> ./coraza-spoa -h
Usage of ./coraza-spoa:
  -config string
        configuration file

Configure a SPOE to use the service

Here is the configuration template to use for your SPOE with OWASP Coraza module, you can find it in the doc/config/coraza.cfg:

[coraza]
spoe-agent coraza-agent
    messages coraza-req coraza-res
    option var-prefix coraza
    timeout hello      100ms
    timeout idle       2m
    timeout processing 10ms
    use-backend coraza-spoa
    log global

spoe-message coraza-req
    args app=str(sample_app) id=unique-id src-ip=src method=method path=path query=query version=req.ver headers=req.hdrs bodyreq.body
    event on-frontend-http-request

spoe-message coraza-res
    args app=str(sample_app) id=unique-id version=res.ver status=status headers=res.hdrs body=res.body
    event on-http-response

The engine is in the scope "coraza". So to enable it, you must set the following line in a frontend/listener section:

frontend coraza.io
    ...
    unique-id-format %[uuid()]
    unique-id-header X-Unique-ID
    filter spoe engine coraza config coraza.cfg
    ...

Because, in SPOE configuration file, we declare to use the backend "coraza-spoa" to communicate with the service, so we need to define it in the HAProxy file. For example:

backend coraza-spoa
    mode tcp
    balance roundrobin
    timeout connect 5000ms
    timeout client 5000ms
    timeout server 5000ms
    server s1 127.0.0.1:9000

The OWASP Coraza action is returned in a variable named "txn.coraza.fail". It contains the verdict of the request. If the variable is set to 1, the request will be denied.

http-request deny if { var(txn.coraza.fail) -m int eq 1 }
http-response deny if { var(txn.coraza.fail) -m int eq 1 }

With this rule, all unsafe requests will be rejected. You can find the example HAProxy configuration file in the doc/config/haproxy.cfg.

Docker

  • Build the coraza-spoa image docker-compose build
  • Run haproxy, coraza-spoa and a mock server docker-compose up
  • Perform a request which gets blocked by the WAF: curl http://localhost:4000/\?x\=/etc/passwd

coraza-spoa's People

Contributors

fzipi avatar jcchavezs avatar jptosso avatar mac-chaffee avatar nullisnot0 avatar sts avatar syinwu avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.