From 59a0089e0241265976b8c01f241cb5272f27c43c Mon Sep 17 00:00:00 2001 From: Fionera Date: Sun, 18 Feb 2024 22:17:48 +0100 Subject: [PATCH] docs: update docs to rewrite --- README.md | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 6d2c9e4..aac2d99 100644 --- a/README.md +++ b/README.md 
@@ -14,27 +14,23 @@ HAProxy includes a [Stream Processing Offload Engine](https://www.haproxy.com/bl ### Build -The command `make` will compile the source code and produce the executable file `coraza-spoa`. - -### Clean - -When you need to re-compile the source code, you can use the command `make clean` to clean the executable file. +The command `go run mage.go build` will compile the source code and produce the executable file `coraza-spoa`. ## Configuration ## Coraza SPOA -The example configuration file is [config.yaml.default](https://github.com/corazawaf/coraza-spoa/blob/main/config.yaml.default), you can copy it and modify the related configuration information. You can start the service by running the command: +The example configuration file is [examples/coraza-spoa.yaml](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza-spoa.yaml), you can copy it and modify the related configuration information. You can start the service by running the command: ``` -coraza-spoa -config /etc/coraza-spoa/coraza.yaml +coraza-spoa -f /etc/coraza-spoa/coraza-spoa.yaml ``` You will also want to download & extract the [OWASP Core Ruleset]( https://github.com/coreruleset/coreruleset/releases) (version 4+ supported) to the `/etc/coraza-spoa` directory. ## HAProxy SPOE -Configure HAProxy to exchange messages with the SPOA. The example SPOE configuration file is [coraza.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/doc/config/coraza.cfg), you can copy it and modify the related configuration information. Default directory to place the config is `/etc/haproxy/coraza.cfg`. +Configure HAProxy to exchange messages with the SPOA. The example SPOE configuration file is [coraza.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg), you can copy it and modify the related configuration information. Default directory to place the config is `/etc/haproxy/coraza.cfg`. ```ini # /etc/haproxy/coraza.cfg 
@@ -47,7 +43,7 @@ spoe-message coraza-req event on-frontend-http-request ``` -The application name from `config.yaml` must match the `app=` name, or the `default_application` will be used. +The application name from `config.yaml` must match the `app=` name. The backend defined in `use-backend` must match a `haproxy.cfg` backend which directs requests to the SPOA daemon reachable via `127.0.0.1:9000`. @@ -70,12 +66,12 @@ backend coraza-spoa server s1 127.0.0.1:9000 ``` -A comprehensive HAProxy configuration example can be found in [docs/config/haproxy.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/doc/config/coraza.cfg). +A comprehensive HAProxy configuration example can be found in [examples/haproxy.cfg](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg). -Because, in the SPOE configuration file (coraza.cfg), we declare to use the backend [coraza-spoa](https://github.com/corazawaf/coraza-spoa/blob/88b4e54ab3ddcb58d946ed1d6389eff73745575b/doc/config/coraza.cfg#L14) to communicate with the service, so we need also to define it in the [HAProxy file](https://github.com/corazawaf/coraza-spoa/blob/dd5eb86d1e9abbdd5fe568249f36a6d85257eba7/doc/config/haproxy.cfg#L37): +Because, in the SPOE configuration file (coraza.cfg), we declare to use the backend [coraza-spoa](https://github.com/corazawaf/coraza-spoa/blob/main/examples/coraza.cfg#L14) to communicate with the service, so we need also to define it in the [HAProxy file](https://github.com/corazawaf/coraza-spoa/blob/main/examples/haproxy.cfg#L37): ## Docker -- Build the coraza-spoa image `docker-compose build` -- Run haproxy, coraza-spoa and a mock server `docker-compose up` +- Build the coraza-spoa image `docker compose build` +- Run haproxy, coraza-spoa and a mock server `docker compose up` - Perform a request which gets blocked by the WAF: `curl http://localhost:4000/\?x\=/etc/passwd` \ No newline at end of file
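Review bot: in the `@@ -14,27 +14,23 @@` hunk the start command changes both the flag and the file name (`-config /etc/coraza-spoa/coraza.yaml` becomes `-f /etc/coraza-spoa/coraza-spoa.yaml`), but the README gives no upgrade hint. Service units and scripts written from the old README will still carry the old invocation, so add one sentence under the command saying that the flag and the default file name changed with the rewrite. The same hunk removes the Clean section without saying whether the mage build has an equivalent target; either mention it or state that none is needed.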
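Review bot: the added line in the `@@ -47,7 +43,7 @@` hunk still refers to `config.yaml`, while the first hunk of this patch renames the example configuration to `examples/coraza-spoa.yaml` and starts the daemon with `coraza-spoa.yaml`; use the new file name here. The line also drops the `default_application` fallback without saying what happens to a request whose `app=` value matches no configured application. For a WAF the reader needs to know whether that traffic is rejected or passes uninspected, so state the behaviour explicitly.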
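Review bot: in the `@@ -70,12 +66,12 @@` hunk the link labelled `examples/haproxy.cfg` still targets the URL ending in `examples/coraza.cfg`, so the "comprehensive HAProxy configuration example" opens the SPOE file instead; point it at `examples/haproxy.cfg`. The next changed line swaps commit-pinned permalinks for `main` while keeping the `#L14` and `#L37` anchors, which will drift as those files change on `main`. Either keep a pinned commit for the line anchors or drop the anchors.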