0ct0pu5/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

readme

Browse source
This commit is contained in:
bui 2023-06-01 11:53:12 +02:00
parent abaa6a5c56
commit 44a5c81199
1 changed files with 32 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
pkg/acquisition/modules/waf/README.md Normal file
View file

@ -0,0 +1,32 @@
Ongoing poc for Coraza
For config:
coraza_inband.conf:
```
SecRuleEngine On
SecRule ARGS:id "@eq 0" "id:1, phase:1,deny, status:403,msg:'Invalid id',log,auditlog"
SecRequestBodyAccess On
SecRule REQUEST_BODY "@contains password" "id:100, phase:2,deny, status:403,msg:'Invalid request body',log,auditlog"
```
coraza_outofband.conf:
```
SecRuleEngine On
SecRule ARGS:id "@eq 2" "id:2, phase:1,deny, status:403,msg:'Invalid id',log,auditlog"
SecRequestBodyAccess On
SecRule REQUEST_BODY "@contains totolol" "id:100, phase:2,deny, status:403,msg:'Invalid request body',log,auditlog"
```
acquis.yaml :
```
listen_addr: 127.0.0.1
listen_port: 4241
path: /
source: waf
labels:
type: waf
```