remove dead DetectionOnly coercion in buildWafHandler

WafSettings.mode is now 'Off' | 'On' so the legacy DB coercion guard
triggered a TS2367 type error. DB values are already normalised upstream.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fuomag9
2026-03-06 17:31:59 +01:00
parent 9834fe20c9
commit 9bfa86f2fc


@@ -844,8 +844,7 @@ function buildWafHandler(waf: WafSettings): Record<string, unknown> {
'Include @owasp_crs/*.conf',
] : []),
...(waf.excluded_rule_ids?.length ? [`SecRuleRemoveById ${waf.excluded_rule_ids.join(' ')}`] : []),
// DetectionOnly is no longer exposed in the UI; legacy DB values are coerced to On.
`SecRuleEngine ${waf.mode === 'DetectionOnly' ? 'On' : waf.mode}`,
`SecRuleEngine ${waf.mode}`,
// RelevantOnly logs transactions where a rule fired with the auditlog action (which all OWASP
// CRS rules include via SecDefaultAction), covering both blocked and DetectionOnly hits.
// Clean requests with no rule matches are silently skipped, avoiding massive log growth.
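Review bot: the ternary removed at the `SecRuleEngine` line was the only runtime check on `waf.mode` visible in this function, and the 'Off' | 'On' union is erased at compile time, so a legacy row that still holds DetectionOnly would now be written out as `SecRuleEngine DetectionOnly`, a directive the engine accepts and which logs without blocking. The commit message says values are normalised upstream, but nothing in this hunk shows where; please point to that normalisation in a comment here, or keep a fallback that type-checks, for example `waf.mode === 'Off' ? 'Off' : 'On'`. The RelevantOnly comment just below still refers to DetectionOnly hits and could be updated in the same change.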