1
General Discussion / Coraza plugin for HAProxy (for WAF capabilities)
« on: April 12, 2023, 11:26:18 am »
Hi all, I'm setting up a tutorial for OPNsense and HAproxy, but hit a wall when I realised there's no native support for the WAF plugin: https://github.com/corazawaf/coraza-spoa.
Digging into the topic, it appears people say to use the nginx WAF plugin, but nginx is considerably less friendly and configurable compared to haproxy. Also nginx isn't using the coraza ruleset.
Anyone have an idea how to approach this? Manually or otherwise? I would suspect it would need compiling the go module for OPNsense, setting up the service, and then configuring HAproxy to use it (which ideally could get handled by the plugin itself, but even manually would be a good start).
Digging into the topic, it appears people say to use the nginx WAF plugin, but nginx is considerably less friendly and configurable compared to haproxy. Also nginx isn't using the coraza ruleset.
Anyone have an idea how to approach this? Manually or otherwise? I would suspect it would need compiling the go module for OPNsense, setting up the service, and then configuring HAproxy to use it (which ideally could get handled by the plugin itself, but even manually would be a good start).