corazawaf/coraza-caddy
GitHub: corazawaf/coraza-caddy
Middleware that integrates the OWASP Coraza WAF engine into Caddy, providing web application firewall capability compatible with ModSecurity syntax.
Stars: 589 | Forks: 61
# Coraza WAF Caddy Module
The [OWASP Coraza](https://github.com/corazawaf/coraza) Caddy module provides Web Application Firewall capabilities for Caddy.
OWASP Coraza WAF is 100% compatible with the OWASP Core Ruleset and ModSecurity syntax.
## Getting started
`go run mage.go -l` lists all available commands:
```
▶ go run mage.go -l
Targets:
buildCaddy builds the plugin.
buildCaddyLinux builds the plugin with GOOS=linux.
buildExample builds the example deployment.
check runs lint and tests.
coverage runs tests with coverage and race detector enabled.
doc runs godoc, access at http://localhost:6060
e2e runs e2e tests with a built plugin against the example deployment.
format formats code in this repository.
ftw runs CRS regressions tests.
lint verifies code quality.
precommit installs a git hook to run check when committing
reloadExample reload the test environment.
runExample spins up the test environment, access at http://localhost:8080.
teardownExample tears down the test environment.
test runs all tests.
```
## Plugin syntax
```
coraza_waf {
	directives `
		Include /path/to/config.conf
		SecAction "id:1,pass,log"
	`
}
```
Example usage:
**Important:** For the Coraza module to work correctly, your Caddyfile must always include `order coraza_waf first`.
```
{
	order coraza_waf first
}

http://127.0.0.1:8080 {
	coraza_waf {
		directives `
			SecAction "id:1,pass,log"
			SecRule REQUEST_URI "/test5" "id:2, deny, log, phase:1"
			SecRule REQUEST_URI "/test6" "id:4, deny, log, phase:3"
			Include file1.conf
			Include file2.conf
			Include /some/path/*.conf
		`
	}
	reverse_proxy http://192.168.1.15:8080
}
```
## Building Caddy with Coraza WAF
Run:
```
xcaddy build --with github.com/corazawaf/coraza-caddy/v2
```
## Testing
You can run the test suite by executing:
```
go run mage.go test
```
## Using the OWASP Core Ruleset
You can load the OWASP CRS by passing the `load_owasp_crs` field and then including the CRS files in the directives, as described in the [coraza-coreruleset](https://github.com/corazawaf/coraza-coreruleset) documentation.
```
:8080 {
	coraza_waf {
		load_owasp_crs
		directives `
			Include @coraza.conf-recommended
			Include @crs-setup.conf.example
			Include @owasp_crs/*.conf
			SecRuleEngine On
		`
	}
	reverse_proxy httpbin:8081
}
```
## Running the example
### Docker
```
go run mage.go buildExample runExample
curl -i localhost:8080/
```
### Local
```
# In terminal 1
go run github.com/mccutchen/go-httpbin/v2/cmd/go-httpbin@v2.9.0 -port 8081
# In terminal 2
go run mage.go buildCaddy
./build/caddy run --config example/Caddyfile --adapter caddyfile
# In terminal 3
curl -i localhost:8080/
```
## Responding with a custom message or HTML page
To respond with a custom message or an HTML page, you can use the [handle_errors](https://caddyserver.com/docs/caddyfile/directives/handle_errors) directive:
```
handle_errors 403 {
	header X-Blocked "true"
	respond "Your request was blocked. Request ID: {http.request.header.x-request-id}"
}
```
Or:
```
handle_errors {
	@block_codes `{err.status_code} in [403]`
	handle @block_codes {
		root * /path/to/html/dir
		rewrite * /{err.status_code}.html
		file_server
	}
}
```
Data can be rendered dynamically with the [templates](https://caddyserver.com/docs/caddyfile/directives/templates) directive. See the [`example/403.html`](./example/403.html) file.
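As an added example (not part of the project's own files), the pieces above combined into one complete Caddyfile: the mandatory `order` directive, CRS loading with the engine switched on, and a `handle_errors` block that turns the WAF's 403 into a JSON body carrying the request ID, so a client can quote it when a defender looks up the matching Coraza log entry. The upstream address `httpbin:8081` and the listening port are assumptions taken from the examples above.

```caddyfile
{
	# Required: the WAF must run before any other handler.
	order coraza_waf first
}

:8080 {
	coraza_waf {
		load_owasp_crs
		directives `
			Include @coraza.conf-recommended
			Include @crs-setup.conf.example
			Include @owasp_crs/*.conf
			# SecRuleEngine defaults to DetectionOnly in the recommended config;
			# without this line CRS matches are logged but never block.
			SecRuleEngine On
		`
	}

	# Coraza's deny action surfaces as a 403 error in Caddy's error chain.
	handle_errors {
		@blocked `{err.status_code} in [403]`
		handle @blocked {
			header X-Blocked "true"
			header Content-Type "application/json"
			respond `{"error":"request blocked by WAF","request_id":"{http.request.header.x-request-id}"}` 403
		}
	}

	# Assumed upstream, matching the go-httpbin used in the example deployment.
	reverse_proxy httpbin:8081
}
```

Only 403 is matched so that upstream failures (502, 504) keep Caddy's default error handling instead of being reported as WAF blocks.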