38 lines
1.2 KiB
Text
38 lines
1.2 KiB
Text
|
# {{ ansible_managed }}
|
||
|
|
|
||
|
|
# The SPOA server bind address
|
||
|
|
bind: 127.0.0.1:9000
|
||
|
|
|
||
|
|
# The log level configuration, one of: debug/info/warn/error/panic/fatal
|
||
|
|
log_level: warn
|
||
|
|
# The log file path
|
||
|
|
log_file: /var/log/coraza/coraza.log
|
||
|
|
# The log format, one of: console/json
|
||
|
|
log_format: json
|
||
|
|
|
||
|
|
applications:
|
||
|
|
- name: haproxy_waf
|
||
|
|
directives: |
|
||
|
|
SecAction "id:1000001,phase:1,pass,t:none,nolog,setvar:tx.blocking_paranoia_level={{ coraza_paranoia_level | default(1) }}"
|
||
|
|
Include /etc/coraza/coraza.conf
|
||
|
|
Include /etc/coraza/crs-setup.conf
|
||
|
|
{% if coraza_directives is defined %}
|
||
|
|
{{ coraza_directives | indent(6, true) }}
|
||
|
|
{% else %}
|
||
|
|
Include /etc/coraza/plugins/*.conf
|
||
|
|
Include /etc/coraza/rules/*.conf
|
||
|
|
{% endif %}
|
||
|
|
|
||
|
|
# HAProxy configured to send requests only, that means no cache required
|
||
|
|
response_check: false
|
||
|
|
|
||
|
|
# The transaction cache lifetime in milliseconds (60000ms = 60s)
|
||
|
|
transaction_ttl_ms: {{ coraza_spoa_transaction_ttl_ms | default(500) }}
|
||
|
|
|
||
|
|
# The log level configuration, one of: debug/info/warn/error/panic/fatal
|
||
|
|
log_level: warn
|
||
|
|
# The log file path
|
||
|
|
log_file: /var/log/coraza/coraza.log
|
||
|
|
# The log format, one of: console/json
|
||
|
|
log_format: json
|