lua-resty-coraza's Issues

Audit logging not working correctly?

Hello,

There seems to be some issue with the audit logging, but debug logging is working fine.

Audit.log is never created even though it is specified in coraza.conf.

From coraza.conf

# -- Debug log configuration -------------------------------------------------

# Default debug log path
# Debug levels:
# 0:   No logging (least verbose)
# 1:   Error
# 2:   Warn
# 3:   Info
# 4-8: Debug
# 9:   Trace (most verbose)
# Most logging has not been implemented because it will be replaced with
# advanced rule profiling options
SecDebugLog debug.log
SecDebugLogLevel 9

# -- Audit log configuration -------------------------------------------------

# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditEngine On
SecAuditLog audit.log
SecAuditLogParts ABCFHZ
SecAuditLogType concurrent

lsof | grep debug | head -n 1
nginx     1643295                               root   29u      REG                9,0 645230276    3014750 /tmp/debug.log

lsof | grep -i audit does not output anything. So that file is not created or attached.

From coraza/debug.log

2024/03/19 12:00:10 [DEBUG] Skipping rule because of SkipAfter tx_id="CxdXiWpdZSrrUWvLmhd" rule_id=980170 skip_after="END-REPORTING" secmarer=""
2024/03/19 12:00:10 [DEBUG] Evaluating rule tx_id="CxdXiWpdZSrrUWvLmhd" rule_id=0
2024/03/19 12:00:10 [DEBUG] Forcing rule to match tx_id="CxdXiWpdZSrrUWvLmhd" rule_id=0
2024/03/19 12:00:10 [DEBUG] Finish evaluating rule tx_id="CxdXiWpdZSrrUWvLmhd" rule_id=0
2024/03/19 12:00:10 [DEBUG] Finished phase tx_id="CxdXiWpdZSrrUWvLmhd" phase=5
2024/03/19 12:00:10 [DEBUG] Transaction marked for audit logging tx_id="CxdXiWpdZSrrUWvLmhd"

Example of disruptive action from nginx error.log

03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:244: intervention(): PID: 1767074   phrase: access  Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: disrupted with status 403 action deny
2024/03/19 12:05:38 [warn] 1767074#0: *90 [lua] coraza.lua:92: do_handle(): PID: 1767074        phrase: access  Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: request: "GET /wp-admin/ HTTP/2.0" is interrupted by policy. Action is deny, client: <hidden>, server: , request: "GET /wp-admin/ HTTP/2.0", host: "www.test.eu"
2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:124: do_header_filter(): PID: 1767074       phrase: header_filter   Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: has been disrupted at request phrase. ignore
2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:105: do_interrupt(): PID: 1767074   phrase: header_filter   Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: has been disrupted at request phrase. ignore
2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:327: append_response_body(): PID: 1767074   phrase: body_filter     Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: success to invoke coraza_append_response_body with {"code": 403, "message": "This connection was blocked by Coroza!"}

2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:336: process_response_body(): PID: 1767074  phrase: body_filter     Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: success to invoke coraza_process_response_body
2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:345: process_logging(): PID: 1767074        phrase: log     Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: success to invoke coraza_process_logging
2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:81: do_free_transaction(): PID: 1767074     phrase: log     Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: is freed by coraza_free_transaction
2024/03/19 12:05:38 [debug] 1767074#0: *90 [lua] coraza.lua:257: free_transaction(): PID: 1767074       phrase: log     Transaction: c47e8e493795a4a8a556f696ac47d7b2   lua-resty-coraza: success to invoke coraza_free_transaction
2024/03/19 12:05:40 [debug] 1767074#0: *90 [lua] coraza.lua:159: new_transaction(): PID: 1767074        phrase: access  Transaction: 285cd5c645f0c53ff40791a158ac65e4   lua-resty-coraza: Success to creat new transaction
2024/03/19 12:05:40 [debug] 1767074#0: *90 [lua] coraza.lua:172: process_connection(): PID: 1767074     phrase: access  Transaction: 285cd5c645f0c53ff40791a158ac65e4   lua-resty-coraza: success to invoke coraza_process_connection with sourceAddress:<hidden> clientPort:54949 serverHost:<hidden> serverPort:443

I have hidden IPs and domains from the log 👍 in case you wonder.

lua-resty-coraza production ready?

Hi, I'm looking into possibly replacing lua-resty-lua with lua-resty-coraza.

What is the current plan for this project? And is it ready for production or still in some experimental state?

m2 build failed

Hi. I want to try installing this lib on a macOS M2 machine, but it failed.

~/w/coraza main> sudo make install
Password:
make[1]: Nothing to be done for `install-exec-am'.
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-am
make[2]: Nothing to be done for `all-am'.
  CC       tests/simple_get.o
tests/simple_get.c:20:25: warning: passing arguments to 'coraza_new_waf' without a prototype is deprecated in all versions of C and is not supported in C2x [-Wdeprecated-non-prototype]
    waf = coraza_new_waf(NULL);
                        ^
tests/simple_get.c:26:28: warning: incompatible function pointer types passing 'void (void *, const void *)' to parameter of type 'coraza_log_cb' (aka 'void (*)(const void *)') [-Wincompatible-function-pointer-types]
    coraza_set_log_cb(waf, logcb);
                           ^~~~~
cgo-gcc-export-header-prolog:89:63: note: passing argument to parameter 'cb' here
extern void coraza_set_log_cb(coraza_waf_t waf, coraza_log_cb cb);
                                                              ^
2 warnings generated.
  CCLD     tests/simple_get
Undefined symbols for architecture arm64:
  "_SecCertificateCopyData", referenced from:
      _crypto/x509/internal/macos.x509_SecCertificateCopyData_trampoline.abi0 in libcoraza.a(go.o)
  "_SecCertificateCreateWithData", referenced from:
      _crypto/x509/internal/macos.x509_SecCertificateCreateWithData_trampoline.abi0 in libcoraza.a(go.o)
  "_SecPolicyCreateSSL", referenced from:
      _crypto/x509/internal/macos.x509_SecPolicyCreateSSL_trampoline.abi0 in libcoraza.a(go.o)
  "_SecTrustCreateWithCertificates", referenced from:
      _crypto/x509/internal/macos.x509_SecTrustCreateWithCertificates_trampoline.abi0 in libcoraza.a(go.o)
  "_SecTrustEvaluateWithError", referenced from:
      _crypto/x509/internal/macos.x509_SecTrustEvaluateWithError_trampoline.abi0 in libcoraza.a(go.o)
  "_SecTrustGetCertificateAtIndex", referenced from:
      _crypto/x509/internal/macos.x509_SecTrustGetCertificateAtIndex_trampoline.abi0 in libcoraza.a(go.o)
  "_SecTrustGetCertificateCount", referenced from:
      _crypto/x509/internal/macos.x509_SecTrustGetCertificateCount_trampoline.abi0 in libcoraza.a(go.o)
  "_SecTrustSetVerifyDate", referenced from:
      _crypto/x509/internal/macos.x509_SecTrustSetVerifyDate_trampoline.abi0 in libcoraza.a(go.o)
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [tests/simple_get] Error 1
make: *** [install-am] Error 2

build failed

The build followed this:

1. libcoraza-nginx

Clone the repository:

    git clone https://github.com/potats0/coraza.git

Build the source && Installation

    cd coraza
    ./build.sh
    ./configure
    make
    sudo make install

libcoraza.so will be installed at /usr/local/lib

Executed ./configure, got this:

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for ar... ar
checking the archiver (ar) interface... ar
checking whether make sets $(MAKE)... (cached) yes
checking for go... true
warning: GOPATH set to GOROOT (/usr/lib/golang) has no effect
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for mt... no
checking if : is a manifest tool... no
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: error: cannot find input file: `Makefile.in'
