OPNsense Forum

English Forums => General Discussion => Topic started by: routerino on April 12, 2023, 11:26:18 am

Title: Coraza plugin for HAProxy (for WAF capabilities)
Post by: routerino on April 12, 2023, 11:26:18 am

Hi all, I'm setting up a tutorial for OPNsense and HAproxy, but hit a wall when I realised there's no native support for the WAF plugin: https://github.com/corazawaf/coraza-spoa (https://github.com/corazawaf/coraza-spoa).

Digging into the topic, it appears people say to use the nginx WAF plugin, but nginx is considerably less friendly and configurable compared to haproxy. Also nginx isn't using the coraza ruleset.

Anyone have an idea how to approach this? Manually or otherwise? I would suspect it would need compiling the go module for OPNsense, setting up the service, and then configuring HAproxy to use it (which ideally could get handled by the plugin itself, but even manually would be a good start).

Title: Re: Coraza plugin for HAProxy (for WAF capabilities)
Post by: patrick010 on December 11, 2023, 11:22:41 pm

Did you get Coraza working? As I understand it's the replacement for modsecurity.

Title: Re: Coraza plugin for HAProxy (for WAF capabilities)
Post by: marcog on January 15, 2024, 12:15:37 pm

Following the thread, I also think this plugin integration would be cool