crowdsec/pkg/acquisition/modules/waap
2023-09-14 09:43:22 +02:00
metrics.go up 2023-09-12 09:45:14 +02:00
README.md up 2023-09-12 18:17:58 +02:00
rx_operator.go up 2023-09-12 09:45:14 +02:00
utils.go up 2023-09-12 09:45:14 +02:00
waap.go up 2023-09-13 18:03:03 +02:00
waap_runner.go up 2023-09-14 09:43:22 +02:00

Ongoing PoC for Coraza WAAP

Configuration pieces

Acquisition

Acquisition example:

config/acquis.yaml:

listen_addr: 127.0.0.1
listen_port: 4241
path: /
source: waf
labels:
  type: waf
#routines: 1
waap_config: mytest

Waap config

The waap config defines which rules are loaded by a given waap engine (the one associated with an acquis).

config/waap_configs/mytest.yaml

name: mytest.yaml
outofband_rules:
 - crowdsec/crs-default
inband_rules:
 - crowdsec/vpatch-default
default_remediation: block
variables_tracking:
 - session_*
# onload:
#  - apply:
#     - DisabledInBandRuleByID(1003)
# pre_eval:
#   - filter: evt.SourceIP == '1.3.4.5' 
#     apply:
#       - DisableOutOfBandRuleByID(2302)

Waap Rules

For the two configurations above to work, the two referenced waap collections must be installed: crowdsec/crs-default and crowdsec/vpatch-default. You need to set hub_branch to ...

cscli waf-rules install ...