OWASP Core Ruleset

Caddy server is a high performance web server and reverse proxy.

Important: OWASP Core Ruleset requires libinjection and libpcre, hence CGO_ENABLED=1.



Important considerations

Coraza WAF on based in ModSecurity but is taking a different way, we are working hard with the Core Ruleset project to keep compatibility simple but there are some tweaks that has to be made in order to use CRS.

Compatibility issues

Coraza WAF implementations are different from Nginx and Apache. Some rules are designed to fix issues releated to the web server and might not be compatible with Coraza. That doesn´t mean you are not protected, it just means you are not vulnerable. Specific issues related to this integration are going to be posted here.

What is not working

  • DDOS protection

Auto CRS with Docker

Edit this page on GitHub