corazawaf / coraza.io Goto Github PK

View Code? Open in Web Editor NEW

5.0 4.0 15.0 7.93 MB

Home Page: https://coraza.io

License: Apache License 2.0

JavaScript 7.58% SCSS 34.85% HTML 52.87% Go 4.71%

coraza-waf documentation hugo-site website

coraza.io's Introduction

Don't README yet.

coraza.io's People

Contributors

Stargazers

Watchers

Forkers

fzipi kalikex1 sts juanfont storyofsahala ivlyth anuraaga gin-gitaxias robertlagrant dextermallo vermashivansh thibauds m4tteop varunlakkur swapnilpotnis

coraza.io's Issues

Generate seclang docs from coraza code itself

Summary

Currently seclang docs are manually maintained, which is a burden in maintenance and also gets outdated easily. We should generate this data from the code (like others do from protos) which would require to write a transpiler but will save a lot of work and will solve the outdated problem e.g. SecRequestBodyLimitAction isn't documented.

Update XML documentation - REQUEST_XML & RESPONSE_XML

Unlike ModSecurity, REQUEST_XML is an alias for XML, as we also support RESPONSE_XML. That’s because of response body processing. Coraza only supports two XPATH expressions, //@* and /* which are hardcoded. That’s because of the lack of libxml2 support.

https://coraza.io/docs/seclang/variables/#xml

Create github action to regenerate documentation with a coraza commit

Currently the documentation upgrade process is:

go get -u github.com/corazawaf/coraza/v3@<coraza-commit-or-tag>
go mod tidy
go run mage.go generate
git add -u
git commit -m <message>

and create a PR.

We should have a github action to do that so we can trigger it on demand using this

execution-flow/#phases image description is incorrect

Description

Describe the issue that you're seeing.

https://coraza.io/docs/seclang/execution-flow/#phases

image description is incorrect

err_coraza_io_docs_seclang_execution-flow#phases

Steps to reproduce

Clear steps describing how to reproduce the issue. Please please please link to a demo project if possible, this makes your issue much easier to diagnose (seriously).

Expected result

Add Response Headers

Actual result

Add Request Headers

Environment

https://coraza.io/docs/seclang/execution-flow/#phases

Missing docs for SecResponseBodyMimeType

It is referenced in https://coraza.io/docs/seclang/directives/#secresponsebodyaccess but not documented.

Remember documentation should be added in https://github.com/corazawaf/coraza/blob/main/internal/seclang/directives.go and regenerated here.

Homepage's link to OWASP CRS is broken

Description

Homepage's link to OWASP CRS is broken.

Steps to reproduce

Go to the homepage and hover the link.

Expected result

It should say https://coraza.io/docs/tutorials/coreruleset/

Actual result

It says https://coraza.io/#

Generate actions from coraza code

Description

actions.md should be generated in the same way we do in directives.md. For that we need a generation tool that creates the actions.md based on the godoc from functions, for example https://github.com/corazawaf/coraza/blob/main/internal/actions/allow.go#L39.

Document how disruptive rules work when there is an allow and deny

Summary

Coraza will use the first disruptive action based on syntactic order only.

This needs to be documented properly.

Basic example

Include a basic example or links here.

Motivation

Why are we doing this? What use cases does it support? What is the expected outcome?

corazawaf / coraza.io Goto Github PK

coraza.io's Introduction

coraza.io's People

Contributors

Stargazers

Watchers

Forkers

coraza.io's Issues

Summary

Description

Steps to reproduce

Expected result

Actual result

Environment

Description

Steps to reproduce

Expected result

Actual result

Description

Summary

Basic example

Motivation

Recommend Projects

Recommend Topics

Recommend Org