Hi @aless3,
It is amazing to see this. Currently I have built
github.com/jcchavezs/coraza-http-wasm-traefik which aims to run coraza in
traefik 3.0 through wasm but it would definitely be amazing to run
some benchmarks between the two implementations (cc @emilevauge). If you
don't mind I would open a few issues in your repo with things I believe can
be improved but overall this is great. Also feel free to ping me in OWASP
slack if you have further questions.
On Mon, 4 Mar 2024, 14:42 aless3 wrote:
Hey there, I built a small and simple container that uses coraza and the
example http server to use coraza as a container in my infrastructure.
For now it is still not mature, I am asking if it makes sense to add other
things or is a useless project.
repo: https://github.com/aless3/coraza-simple
I had in mind mostly just my use case: traefik with the modsecurity plugin
[https://github.com/acouvreur/traefik-modsecurity-plugin].
So I just forward to the container my request and they are stopped if
coraza thinks they are not trustworthy.
But I'm not completely sure if it makes sense to use it, at first sight it
blocks test queries that should be blocked, but considering I don't really
know Go and am not well versed in cybersecurity, I'm asking if this may be
something more dangerous to use than not using coraza at all, like adding
more severe vulnerabilities.
The reason I built this is to have something while waiting for more
specialized implementations to mature, like the wasm projects, and in my
case waiting for yaegi to fully support external libraries (yaegi is a Go
interpreter for traefik).
Thank you for your thoughts, if this may become something useful I will be
happy to try and develop it.
-
I've also gone down the same route as aless3. I'm using this in the interim period - https://github.com/loukaniko85/waf with this traefik plugin https://plugins.traefik.io/plugins/644d9a72ebafd55c9c740848/mx-m-owasp-crs-modsecurity-plugin .