
Document how to override CRS variables #145

Closed
jpds opened this issue Apr 29, 2024 · 4 comments

Comments


jpds commented Apr 29, 2024

Given the following error:

Apr 29 17:00:20 caddy caddy[468]: {"level":"error","ts":1714410020.510198,"logger":"http.handlers.waf","msg":"[client \"[2a03:...]\"] Coraza: Warning. Request content type is not allowed by policy [file \"@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\"] [line \"1968\"] [id \"920420\"] [rev \"\"] [msg \"Request content type is not allowed by policy\"] [data \"|application/octet-stream|\"] [severity \"critical\"] [ver \"OWASP_CRS/4.0.0-rc1\"] [maturity \"0\"] [accuracy \"0\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-protocol\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"capec/1000/255/153\"] [tag \"PCI/12.1\"] [hostname \"\"] [uri \"/..."] [unique_id \"tMztcPmYICGNyugn\"]\n"}

It's not clear to me from the example how I'm supposed to override this variable in the Caddy configuration:

      coraza_waf {
        load_owasp_crs
        directives `
          Include @coraza.conf-recommended
          Include @crs-setup.conf.example
          Include @owasp_crs/*.conf
          SecRuleEngine DetectionOnly
        `
      }

If I add this before the Include lines:

SecAction \
    "id:920420,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    setvar:'tx.content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream|'"

Then Caddy simply returns this error message:

provision http.handlers.waf: invalid WAF config from string: failed to parse string: failed to compile the directive "secrule": there is a another rule with id 920420

semzor commented Jun 16, 2024

Did you find a solution for this? @jpds

jptosso (Member) commented Jun 16, 2024

The rule is failing because of the duplicated rule id. Just use a single rule to override all variables you want and make sure the id is unique. The same rule with a different id should work.
Also make sure the rule is added before including CRS.
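A working form of the override described in this answer, as an added example that is not from the issue or the Coraza project: the SecAction gets a local rule id that no CRS rule uses and sits before the CRS Includes. The id 10001, the listen address and the upstream are assumed; tx.allowed_request_content_type is the variable name CRS's crs-setup.conf uses for this list (rather than tx.content_type), and the CRS initialization rules only fill it in when it is still unset.

```caddyfile
# Added example, not the issue author's or the Coraza project's configuration.
# Placeholders: listen address :8080, upstream localhost:9000, rule id 10001
# (the 1-99,999 range is reserved by CRS for local rules, so it cannot collide
# with a shipped CRS rule id such as 920420).
:8080 {
    coraza_waf {
        load_owasp_crs
        directives `
            Include @coraza.conf-recommended
            Include @crs-setup.conf.example

            # Override the allowed request content types BEFORE the CRS rule
            # files are included. Rule 901168 in the CRS initialization file
            # only sets this variable when it is still empty, so a value set
            # here is the one rule 920420 later checks against.
            SecAction \
                "id:10001,\
                phase:1,\
                pass,\
                t:none,\
                nolog,\
                setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream|'"

            Include @owasp_crs/*.conf
            SecRuleEngine DetectionOnly
        `
    }
    reverse_proxy localhost:9000
}
```

With this in place the earlier "there is a another rule with id 920420" compile error no longer occurs, and an application/octet-stream request is no longer flagged by 920420 in the Caddy log.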


github-actions bot commented Sep 2, 2024

This issue has been open 30 days waiting for feedback. Remove the stale label or comment, or this will be closed in 14 days.

@github-actions github-actions bot added the stale label Sep 2, 2024

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 16, 2024