fabio
Draft: WAF
Closes !911
- I have not updated the vendor to keep the PR light (`go mod tidy && go mod vendor`)
- there is a setup.sh script in the waf folder to download the CRS (one rule is disabled) (`cd waf && bash setup.sh`)
- to enable the WAF, edit coraza.conf line 7 from `SecRuleEngine DetectionOnly` to `SecRuleEngine On`

At the moment the v2 version of coraza is being used, as v3 is still in alpha.

`curl 'http://localhost:9999/?a=<script>alert(1)</script>'` will trigger the WAF.
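
A way to check and switch the `SecRuleEngine` mode described above by directive name rather than by line number, as an added example that is not part of this PR. The function names are hypothetical and the sample config is constructed.

```bash
#!/bin/sh
# Added example: inspect and switch the SecRuleEngine mode by directive name.

# Print the effective mode. Lines starting with '#' are comments; directives
# are applied in order, so the last active SecRuleEngine line is in effect.
waf_engine_mode() {
  awk '{ sub(/\r$/, "") }
       tolower($1) == "secruleengine" { mode = $2 }
       END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Succeed only when the engine blocks (On), not DetectionOnly/Off/unset.
waf_is_blocking() {
  [ "$(waf_engine_mode "$1" | tr '[:upper:]' '[:lower:]')" = "on" ]
}

# Set every active SecRuleEngine directive to On, leaving comments and all
# other directives untouched. Output goes to a temp file first so a failed
# run never truncates the config. Fails if no active directive exists.
waf_enable_blocking() {
  _tmp=$(mktemp) || return 1
  if awk 'tolower($1) == "secruleengine" { print "SecRuleEngine On"; next }
          { print }' "$1" > "$_tmp"; then
    cat "$_tmp" > "$1"
  fi
  rm -f "$_tmp"
  waf_is_blocking "$1"
}

# Demo on a constructed config (not the PR's actual coraza.conf).
demo_conf=$(mktemp)
printf '%s\n' '# constructed sample' '#SecRuleEngine On' \
  'SecRuleEngine DetectionOnly' 'SecRequestBodyAccess On' > "$demo_conf"
echo "before: $(waf_engine_mode "$demo_conf")"
waf_enable_blocking "$demo_conf"
echo "after:  $(waf_engine_mode "$demo_conf")"
rm -f "$demo_conf"
```

`waf_is_blocking` can gate a deployment step so that a config still in `DetectionOnly` is caught before it ships.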