
Draft: WAF

Open ennetech opened this issue 1 year ago • 2 comments

Closes !911

  • I have not updated the vendor to keep the PR light (go mod tidy && go mod vendor)
  • There is a setup.sh script in the waf folder to download the CRS (one rule is disabled) (cd waf && bash setup.sh)
  • To enable the WAF, edit coraza.conf line 7 from SecRuleEngine DetectionOnly to SecRuleEngine On

At the moment the v2 version of Coraza is being used, as v3 is still in alpha.

curl 'http://localhost:9999/?a=<script>alert(1)</script>' will trigger the WAF

ennetech, Nov 20 '22 13:11