OpenResty
First you need OpenResty (Nginx with Lua support):
Installation
Official guide for installation
OpenResty module for Coraza WAF
Installation
libcoraza-nginx
apt install g++ autoconf automake libtool make
Clone the repository:
git clone https://github.com/potats0/coraza.git
Build and install from source:
cd coraza
./build.sh
./configure
make
make install
Note: libcoraza.so will be installed at /usr/local/lib
lua-resty-coraza
opm get potats0/lua-resty-coraza
Configuring OpenResty
Downloading rules & Configuration
Configuration:
curl https://cdn.malware.expert/coraza.conf > /usr/local/openresty/nginx/conf/coraza.conf
Edit what is needed, such as paths:
nano -w /usr/local/openresty/nginx/conf/coraza.conf
Installing rules
curl https://cdn.malware.expert/malware_expert.lua > /usr/local/openresty/nginx/conf/malware_expert.lua
Change subscription key:
nano -w /usr/local/openresty/nginx/conf/malware_expert.lua
The default OpenResty Nginx configuration file is found at:
nano -w /usr/local/openresty/nginx/conf/nginx.conf
Add the following at the top of the http block:
http {
    # Download malware.expert rules on server start/restart
    init_by_lua_file /usr/local/openresty/nginx/conf/malware_expert.lua;
    init_worker_by_lua_block {
        coraza = require "resty.coraza"
        waf = coraza.create_waf()
        -- Default ModSecurity settings; modify as suitable
        coraza.rules_add_file(waf, "/usr/local/openresty/nginx/conf/coraza.conf")
        -- Add the Malware.Expert rules
        coraza.rules_add(waf, "Include /usr/local/openresty/nginx/conf/malware_expert.conf")
    }
Activate the rules in the nginx location directive (location blocks sit inside a server block):
    location / {
        access_by_lua_block {
            coraza.do_create_transaction(waf)
            coraza.do_access_filter()
            coraza.do_interrupt()
        }
        #content_by_lua_block {
        #    ngx.say("passed")
        #}
        header_filter_by_lua_block {
            coraza.do_header_filter()
            coraza.do_interrupt()
        }
        body_filter_by_lua_block {
            coraza.do_body_filter()
        }
        log_by_lua_block {
            coraza.do_log()
            coraza.do_free_transaction()
        }
        root html;
        index index.html index.htm;
    }
}
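A preflight check to run before the restart, as an added example (not part of the original guide or of lua-resty-coraza): it reads nginx.conf, lists every file handed to init_by_lua_file, coraza.rules_add_file and a SecLang Include, and flags any that are missing or empty. The function names and the /usr/local/openresty/bin/openresty binary path are assumptions.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of lua-resty-coraza.

# Print each absolute path that nginx.conf passes to init_by_lua_file,
# coraza.rules_add_file() or a SecLang "Include" given to coraza.rules_add().
# Lines commented out with nginx "#" or Lua "--" are skipped.
coraza_paths() {
    grep -Ev '^[[:space:]]*(#|--)' "$1" |
        grep -E 'init_by_lua_file|rules_add_file|Include[[:space:]]' |
        grep -Eo '/[^"; )]+' | sort -u
}

# Report every referenced file that is missing or empty, for example a
# download that wrote nothing. Optional $2 is a directory prefix so the check
# can run against a staging tree. Returns 0 only if all files are present.
check_coraza_files() {
    conf=$1 root=${2:-} rc=0
    for p in $(coraza_paths "$conf"); do
        if [ ! -s "$root$p" ]; then
            echo "MISSING_OR_EMPTY $p"
            rc=1
        fi
    done
    return $rc
}

# Full preflight: referenced files, then libcoraza.so (installed to
# /usr/local/lib per the note above), then nginx's own configuration test.
# Assumption: the OpenResty binary lives under /usr/local/openresty/bin.
preflight() {
    check_coraza_files "$1" || return 1
    [ -e /usr/local/lib/libcoraza.so ] || { echo "libcoraza.so not found"; return 1; }
    /usr/local/openresty/bin/openresty -t -c "$1"
}

# Usage: . ./coraza_preflight.sh
#        preflight /usr/local/openresty/nginx/conf/nginx.conf
```

If malware_expert.conf is only written by malware_expert.lua at startup, as the configuration comment suggests, expect it to be flagged until the first start has fetched it.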
service openresty restart
More details:
– https://coraza.io
– https://github.com/corazawaf/coraza