# {{ ansible_managed }}

# The SPOA server bind address
bind: 127.0.0.1:9000

# The log level configuration, one of: debug/info/warn/error/panic/fatal
log_level: warn
# The log file path
log_file: /var/log/coraza/coraza.log
# The log format, one of: console/json
log_format: json

applications:
  - name: haproxy_waf
    directives: |
      SecAction "id:1000001,phase:1,pass,t:none,nolog,setvar:tx.blocking_paranoia_level={{ coraza_paranoia_level | default(1) }}"
      Include /etc/coraza/coraza.conf
      Include /etc/coraza/crs-setup.conf
{% if coraza_directives is defined %}
{{ coraza_directives | indent(6, true) }}
{% else %}
      Include /etc/coraza/plugins/*.conf
      Include /etc/coraza/rules/*.conf
{% endif %}

    # HAProxy configured to send requests only, that means no cache required
    response_check: false

    # The transaction cache lifetime in milliseconds (60000ms = 60s)
    transaction_ttl_ms: {{ coraza_spoa_transaction_ttl_ms | default(500) }}

    # The log level configuration, one of: debug/info/warn/error/panic/fatal
    log_level: warn
    # The log file path
    log_file: /var/log/coraza/coraza.log
    # The log format, one of: console/json
    log_format: json