-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
questions about WAF detection only mode #197
Comments
Hi!
The latest directive occurrence will be enforced. So, if
Yes, definitely. Running with
|
I already test today and seems DetectionOnly works. |
@zufardhiyaulhaq could you elaborate a bit more on this?
|
@jcchavezs currently there are no metrics that indicate this is detection only mode, not really sure if we need this though. |
@jcchavezs I am more concerning that the log output from envoy is hard to parse. |
We have metrics in place https://github.com/corazawaf/coraza-proxy-wasm#waf-metrics and they work the same both in |
This issue has been open 30 days waiting for feedback. Remove the stale label or comment, or this will be closed in 14 days. |
This issue was closed because it has been inactive for 14 days since being marked as stale. |
Can we re-open this issue ? |
Totally also this is linked to corazawaf/coraza#1008 as we only can access this metrics if the interruption is being raised. |
This issue has been open 30 days waiting for feedback. Remove the stale label or comment, or this will be closed in 14 days. |
This issue was closed because it has been inactive for 14 days since being marked as stale. |
In most WAF implementations, we can set up monitor-only or count-only mode while still allowing access to the upstream services.
This stage is one of the important steps when rollouts WAF, at least in my company.
I see that in Coraza, we can use https://coraza.io/docs/seclang/directives/#secruleengine to DetectionOnly
I have 2 queries:
are there any good resources to understand the order of directives?
what if SecRuleEngine is already in @crs-setup-demo-conf?
is coraza-proxy-wasm already support detectionOnly mode? in plugins.go, it's only checking if SecRuleEngine is off, there are no mechanism to detect if it's DetectionOnly.
coraza-proxy-wasm/wasmplugin/plugin.go
Line 237 in fe78932
The text was updated successfully, but these errors were encountered: