Skip to content

Commit

Permalink
fix coraza configuration to use the action variable
Browse files Browse the repository at this point in the history
  • Loading branch information
@JanHolger
JanHolger committed Mar 14, 2024
1 parent 222a777 commit 082a0f3
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion rootfs/etc/templates/haproxy/haproxy.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -595,8 +595,14 @@ backend {{ $backend.ID }}
{{- if eq $waf.Mode "deny" }}
{{- range $pathIDs := $wafCfg.PathIDs $i }}
{{- if $global.ModSecurity.UseCoraza }}
http-request redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }
http-response redirect code 302 location %[var(txn.coraza.data)] if { var(txn.coraza.action) -m str redirect }
http-request deny deny_status 403 hdr waf-block "request" if { var(txn.coraza.action) -m str deny }
http-response deny deny_status 403 hdr waf-block "response" if { var(txn.coraza.action) -m str deny }
http-request silent-drop if { var(txn.coraza.action) -m str drop }
http-response silent-drop if { var(txn.coraza.action) -m str drop }
http-request deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 }
http-request deny if !{ var(txn.coraza.fail) -m int eq 0 }
http-response deny deny_status 504 if { var(txn.coraza.error) -m int gt 0 }
{{- else }}
http-request deny if { var(txn.modsec.code) -m int gt 0 }
{{- end }}
Expand Down

0 comments on commit 082a0f3

Please sign in to comment.