Skip to content

Latest commit

 

History

History
57 lines (41 loc) · 1.65 KB

README.md

File metadata and controls

57 lines (41 loc) · 1.65 KB

HTTP-Server with Coraza

This example is intended to provide a straightforward way to spin up Coraza and grasp its behaviour.

Run the example

go run . 

The server will be reachable at http://localhost:8090.

# True positive request (403 Forbidden)
curl -i 'localhost:8090/hello?id=0'
# True negative request (200 OK)
curl -i 'localhost:8090/hello'

You can customise the rules to be used by using the DIRECTIVES_FILE environment variable to load a directives file:

DIRECTIVES_FILE=my_directives.conf go run . 

You can also customise response body and response headers by using RESPONSE_HEADERS and RESPONSE_BODY environment variables respectively:

RESPONSE_BODY=creditcard go run . 

And then

# True positive request (403 Forbidden) due to matching response body
curl -i 'localhost:8090/hello'

Customize WAF rules

The configuration of the WAF relies on default.conf. Feel free to play with it.

Customize server behaviour

The following snippet shows an example of code that may be added to the exampleHandler in order to make the example capable of echoing the body request. It comes in handy for testing rules that match the response body.

func exampleHandler(w http.ResponseWriter, req *http.Request) {
 w.Header().Set("Content-Type", "text/plain")
   var buf bytes.Buffer
 _, err := io.Copy(&buf, req.Body)
   if err != nil {
     log.Fatalf("handler can not read request body: %v", err)
   }
 w.Write(buf.Bytes())
}