http-coraza #
Coraza WAF for nginx — a Go-powered, drop-in replacement for ModSecurity v3 that speaks the same SecLang rules and OWASP CRS, embedded as a dynamic module via libcoraza. Full write-up: Coraza WAF, the Go ModSecurity replacement →.
Source: upstream source
Read more: deep-dive article on deb.myguard.nl
Directives
coraza #
syntax: coraza on | off (on/off flag); · context: http, server, location
 # Coraza NGINX Connector The coraza-nginx connector is the connection point between nginx and libcoraza.
coraza_rules #
syntax: coraza_rules 1 arg; · context: http, server, location
Includes Coraza WAF rules directly inline within the nginx configuration.
coraza_rules_file #
syntax: coraza_rules_file 1 arg; · context: http, server, location
Specifies the path to a file containing Coraza WAF rule configuration.
coraza_transaction_id #
syntax: coraza_transaction_id 1+ args; · context: http, server, location
The following example is loading rules from a file and injecting specific configurations per directory/alias: coraza_transaction_id -------------------------- syntax: coraza_transaction_id string context: http, server, location default: no Allows to pass transaction ID from nginx instead of generating it in the library.
Example
load_module "/usr/lib/nginx/modules/ngx_http_coraza_module.so";
worker_processes auto;
error_log /dev/stderr warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
}
http {
coraza on;
coraza_rules_file /opt/coraza/config/coraza-rules.conf;
server {
listen 80 default_server;
# Default: serve a simple response via echo-like approach
# Using a small internal redirect to an always-200 backend
location @fallback {
return 200 "OK\n";
}
location / {
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /phase1 {
coraza_rules '
SecRule ARGS:action "@streq block403" "id:20001,phase:1,deny,status:403,log"
';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /phase2 {
coraza_rules '
SecRule REQUEST_BODY "@contains PHASE2ATTACK" "id:20002,phase:2,deny,status:403,log"
';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /redirect-302 {
coraza_rules '
SecRule ARGS:target "@streq redirect" "id:20701,phase:1,status:302,log,redirect:http://www.coraza.io"
';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /redirect-301 {
coraza_rules '
SecRule ARGS:target "@streq redirect" "id:20702,phase:1,status:301,log,redirect:http://www.coraza.io"
';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /deny-401 {
coraza_rules '
SecRule ARGS:action "@streq block" "id:20401,phase:1,deny,status:401,log"
';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /merge-engine-off {
coraza_rules 'SecRuleEngine Off';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /merge-bodyaccess-off {
coraza_rules 'SecRequestBodyAccess Off';
error_page 404 405 = @fallback;
root /tmp/empty;
}
location /merge-inherited {
coraza_rules '
SecRule ARGS:localonly "@streq yes" "id:20010,phase:1,deny,
…