The easiest way to use CRS with Coraza is via the coraza-coreruleset Go package, which embeds the Core Rule Set and the recommended Coraza configuration so you don’t need to manage files manually.

package main

import (
    "github.com/corazawaf/coraza/v3"
    "github.com/corazawaf/coraza-coreruleset"
)

func main() {
    waf, err := coraza.NewWAF(
        coraza.NewWAFConfig().
            WithRootFS(coreruleset.FS).
            WithDirectivesFromFile("@coraza.conf-recommended").
            WithDirectivesFromFile("@crs-setup.conf.example").
            WithDirectivesFromFile("@owasp_crs/*.conf"),
    )
    if err != nil {
        panic(err)
    }
    // Use waf...
    _ = waf
}

Manual Installation

If you prefer to manage CRS files manually:

wget https://raw.githubusercontent.com/corazawaf/coraza/main/coraza.conf-recommended -O coraza.conf
git clone https://github.com/coreruleset/coreruleset

Then load the files in order:

  1. coraza.conf
  2. coreruleset/crs-setup.conf.example
  3. coreruleset/rules/*.conf
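
// Uses the same github.com/corazawaf/coraza/v3 import as the first example.
// The directives are loaded in the order listed above.
func initCoraza() {
    cfg := coraza.NewWAFConfig().
        WithDirectivesFromFile("coraza.conf").
        WithDirectivesFromFile("coreruleset/crs-setup.conf.example").
        WithDirectivesFromFile("coreruleset/rules/*.conf")
    waf, err := coraza.NewWAF(cfg)
    if err != nil {
        panic(err)
    }
    // Use waf...
    _ = waf
}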
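
A preflight check for the manual layout above, as an added example that is not part of the Coraza documentation or project code: it expands the three entries in the stated order, fails if an entry matches no file, and reports the last SecRuleEngine value the files set. Preflight, loadOrder and sampleTree are hypothetical names, the file contents are constructed placeholders, and only the Go standard library is used.

```go
package main

import (
	"fmt"
	"io/fs"
	"sort"
	"strings"
	"testing/fstest"
)

// loadOrder is the manual-install order listed above.
var loadOrder = []string{"coraza.conf", "coreruleset/crs-setup.conf.example", "coreruleset/rules/*.conf"}

// Preflight (hypothetical helper) returns the files in load order and the last
// SecRuleEngine value they set; a later directive overrides an earlier one.
func Preflight(fsys fs.FS) (files []string, engine string, err error) {
	for _, pattern := range loadOrder {
		matches, err := fs.Glob(fsys, pattern)
		if err != nil || len(matches) == 0 {
			return nil, "", fmt.Errorf("%q matches no file (glob error: %v)", pattern, err)
		}
		sort.Strings(matches) // CRS rule files are numbered, so lexical order is rule order
		for _, name := range matches {
			data, err := fs.ReadFile(fsys, name)
			if err != nil {
				return nil, "", err
			}
			for _, line := range strings.Split(string(data), "\n") {
				if f := strings.Fields(line); len(f) >= 2 && strings.EqualFold(f[0], "SecRuleEngine") {
					engine = f[1]
				}
			}
		}
		files = append(files, matches...)
	}
	return files, engine, nil
}

// sampleTree is a constructed stand-in for the checkout; contents are placeholders.
var sampleTree = fstest.MapFS{
	"coraza.conf":                        {Data: []byte("SecRuleEngine DetectionOnly\n")},
	"coreruleset/crs-setup.conf.example": {Data: []byte("# constructed\n")},
	"coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf": {},
	"coreruleset/rules/REQUEST-901-INITIALIZATION.conf":      {},
}

func main() {
	fmt.Println(Preflight(sampleTree))
}
```

Against a real checkout, call `Preflight(os.DirFS("."))` from the directory that holds coraza.conf. A result other than `On` means the engine is not in blocking mode: `DetectionOnly` evaluates the rules but never executes disruptive actions.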

Configuration

Please check https://coreruleset.org/docs/deployment/install/ for configuration examples.