
Comments (9)

sts commented on May 29, 2024

I think this should be resolved already.

from coraza-spoa.

NullIsNot0 commented on May 29, 2024

You should use CRS v.4


amsnek commented on May 29, 2024

Oh thanks, will try that right away


amsnek commented on May 29, 2024

Do I need a different coraza.conf for this?
Getting this error now:

# ./coraza-spoa_amd64 --config-file /etc/coraza-spoa/coraza.conf
panic: yaml: unmarshal errors:
  line 7: cannot unmarshal !!str `SecRule...` into config.Config

goroutine 1 [running]:
main.main()
        /build/work/coraza-spoa/cmd/main.go:34 +0x11a

Line 7 is just
SecRuleEngine DetectionOnly
-> I suppose I need a different coraza.conf? (used coraza.conf-recommended)

EDIT: never mind, layer 8 problem -> I used the wrong config file 🙈


amsnek commented on May 29, 2024

with CRS v4 I get the following error now:

{"level":"fatal","ts":"2022-09-29T12:36:01.197Z","caller":"logger/logger.go:83","msg":"failed to compile rule (error parsing regexp: invalid nested repetition operator: `*+`): REQUEST_HEADERS:Accept \"!@rx ^(?:(?:\\*|[^\\\"(),\\/:;<=>?![\\x5c\\]{}]+)\\/(?:\\*|[^\\\"(),\\/:;<=>?![\\x5c\\]{}]+))(?:\\s*+;\\s*+(?:(?:charset\\s*+=\\s*+(?:\\\"?(?:iso-8859-15?|windows-1252|utf-8)\\b\\\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\\\"(),\\/:;<=>?![\\x5c\\]{}]|[^e\\\"(),/:;<=>?![\\x5c\\]{}])|[^s\\\"(),/:;<=>?![\\x5c\\]{}])|[^r\\\"(),/:;<=>?![\\x5c\\]{}])|[^a\\\"(),/:;<=>?![\\x5c\\]{}])|[^h\\\"(),/:;<=>?![\\x5c\\]{}])|[^c\\\"(),/:;<=>?![\\x5c\\]{}])[^\\\"(),/:;<=>?![\\x5c\\]{}]*(?:)\\s*+=\\s*+[^(),/:;<=>?![\\x5c\\]{}]+)|;?))*(?:\\s*+,\\s*+(?:(?:\\*|[^\\\"(),\\/:;<=>?![\\x5c\\]{}]+)\\/(?:\\*|[^\\\"(),\\/:;<=>?![\\x5c\\]{}]+))(?:\\s*+;\\s*+(?:(?:charset\\s*+=\\s*+(?:\\\"?(?:iso-8859-15?|windows-1252|utf-8)\\b\\\"?))|(?:(?:c(?:h(?:a(?:r(?:s(?:e[^t\\\"(),\\/:;<=>?![\\x5c\\]{}]|[^e\\\"(),/:;<=>?![\\x5c\\]{}])|[^s\\\"(),/:;<=>?![\\x5c\\]{}])|[^r\\\"(),/:;<=>?![\\x5c\\]{}])|[^a\\\"(),/:;<=>?![\\x5c\\]{}])|[^h\\\"(),/:;<=>?![\\x5c\\]{}])|[^c\\\"(),/:;<=>?![\\x5c\\]{}])[^\\\"(),/:;<=>?![\\x5c\\]{}]*(?:)\\s*+=\\s*+[^(),/:;<=>?![\\x5c\\]{}]+)|;?))*)*$\" \"id:920600,phase:1,block,t:none,t:lowercase,msg:'Illegal Accept header: charset parameter',logdata:'%{MATCHED_VAR}',tag:'application-multi',tag:'language-multi',tag:'platform-multi',tag:'attack-protocol',tag:'paranoia-level/1',tag:'OWASP_CRS',ver:'OWASP_CRS/4.0.0-rc1',severity:'CRITICAL',setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\""}


amsnek commented on May 29, 2024

@NullIsNot0 any idea regarding the last error on crs v4? 🙈


jptosso commented on May 29, 2024

Hey! Sorry for the late response, we are currently working on this issue and providing CRS with RE2 tests to avoid this in the future. I will link this error to the PR.

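Added example, not code from the coraza-spoa or CRS projects: a small Go check in the spirit of the RE2 tests mentioned above. It compiles a CRS-style pattern with Go's regexp package (RE2 syntax, which Coraza uses) and rewrites the PCRE possessive quantifiers such as `\s*+` that made rule 920600 fail in the log quoted earlier. The pattern below is a constructed, shortened stand-in for the real 920600 regex, not the CRS pattern itself.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed, shortened stand-in for the CRS 920600 Accept-header pattern.
// It keeps the PCRE possessive quantifier `\s*+` that Go's RE2-based regexp
// rejects with "invalid nested repetition operator".
const PossessivePattern = `^[^;]+(?:\s*+;\s*+charset\s*+=\s*+utf-8)?$`

// CompilesUnderRE2 returns the parse error Go's regexp reports for a pattern,
// or nil when the pattern is valid RE2 syntax (and therefore loadable by Coraza).
func CompilesUnderRE2(pattern string) error {
	_, err := regexp.Compile(pattern)
	return err
}

// StripPossessive drops the trailing '+' of the possessive quantifiers *+, ++
// and ?+. Escaped characters and character classes are copied unchanged, so
// `\++` (a literal plus, repeated) and `[*+]` are left alone. A greedy
// quantifier accepts a superset of what its possessive form accepts, so the
// rewritten rule can only match more inputs, never fewer. `{n,m}+` is not handled.
func StripPossessive(pattern string) string {
	var b strings.Builder
	inClass := false
	for i := 0; i < len(pattern); i++ {
		c := pattern[i]
		switch {
		case c == '\\' && i+1 < len(pattern):
			b.WriteByte(c) // copy the escape and the escaped byte verbatim
			i++
			b.WriteByte(pattern[i])
			continue
		case c == '[':
			inClass = true
		case c == ']':
			inClass = false
		case !inClass && (c == '*' || c == '+' || c == '?') &&
			i+1 < len(pattern) && pattern[i+1] == '+':
			b.WriteByte(c)
			i++ // swallow the possessive '+'
			continue
		}
		b.WriteByte(c)
	}
	return b.String()
}

func main() {
	fmt.Println("original:", CompilesUnderRE2(PossessivePattern))
	fixed := StripPossessive(PossessivePattern)
	fmt.Println("rewritten:", fixed, "error:", CompilesUnderRE2(fixed))
}
```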

amsnek commented on May 29, 2024

Thanks! I will keep it open until it's resolved?


NullIsNot0 commented on May 29, 2024

Somehow I have missed your posts here, @amsnek! Sorry for that!

I forgot to mention that you have to switch to the experimental branch. There's a great new idea in the experimental branch: one instance of SPOA can work with multiple CRS configurations. And it uses Coraza WAF v3 (pre-alpha) instead of v2 in the main branch.

git clone https://github.com/corazawaf/coraza-spoa.git
cd coraza-spoa
git checkout experimental
docker compose build
docker compose up

And open http://localhost:4000/?x=/etc/passwd in browser to perform a request which gets blocked by the WAF.

Note: For now only request scanning works pretty stably, but response scanning hangs up SPOE in some cases. I'll try to test these cases and file an issue in a week or two.
