remove DetectionOnly WAF mode

DetectionOnly was fundamentally broken in coraza-caddy (actually blocks
requests via anomaly scoring), caused massive audit log flooding, and the
threshold workaround had several issues:
- t:none is meaningless in a SecAction (no target to transform)
- SecRuleEngine directive ordering relative to SecAction is implementation-
  defined, making the override fragile
- host.mode ?? 'DetectionOnly' fallbacks silently gave any host without an
  explicit mode the broken DetectionOnly behaviour

Changes:
- Remove DetectionOnly from UI (global settings radio, per-host engine mode)
- Coerce legacy DB values of 'DetectionOnly' to 'On' in buildWafHandler
- Fix fallback defaults: host.mode ?? 'DetectionOnly' → host.mode ?? 'On'
- Fix action parsers: unknown mode defaults to 'On' (was 'DetectionOnly')
- Fix global settings defaultValue: ?? 'DetectionOnly' → ?? 'On' (or 'Off')
- Remove the fragile threshold SecAction workaround
- Update types: mode is now 'Off' | 'On' throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fuomag9
2026-03-06 17:27:08 +01:00
parent 5cd92fe669
commit b348dae4be
8 changed files with 14 additions and 22 deletions


@@ -811,9 +811,8 @@ export default function SettingsClient({
<FormLabel sx={{ fontSize: "0.75rem", fontWeight: 600, textTransform: "uppercase", letterSpacing: 0.5 }}>
Engine Mode
</FormLabel>
<RadioGroup row name="waf_mode" defaultValue={globalWaf?.mode ?? "DetectionOnly"}>
<RadioGroup row name="waf_mode" defaultValue={globalWaf?.mode === "Off" ? "Off" : "On"}>
<FormControlLabel value="Off" control={<Radio size="small" />} label="Off" />
<FormControlLabel value="DetectionOnly" control={<Radio size="small" />} label="Detection Only" />
<FormControlLabel value="On" control={<Radio size="small" />} label="On (Blocking)" />
</RadioGroup>
</FormControl>
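Review bot: the new `defaultValue={globalWaf?.mode === "Off" ? "Off" : "On"}` on the RadioGroup maps every value other than the literal "Off" to "On (Blocking)", including an unset mode (`globalWaf` undefined or `mode` missing), so a host whose global WAF was never configured now renders with blocking preselected and will be saved as "On" the first time the settings form is submitted. If that is the intended default (the commit message leaves it open with "?? 'On' (or 'Off')"), state it in a short comment next to the expression; otherwise consider treating an unset mode as "Off" and reserving the coercion to "On" for the legacy 'DetectionOnly' value, which is the case the commit message says this change is meant to handle. Removing the "Detection Only" FormControlLabel while the legacy value may still be stored also means the form cannot show the user that their stored value was silently reinterpreted; a one-line hint in the UI when the stored mode was 'DetectionOnly' would make the migration visible.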
@@ -874,8 +873,7 @@ export default function SettingsClient({
</Collapse>
</Box>
<Alert severity="info" sx={{ fontSize: "0.8rem" }}>
WAF events (blocked requests) are stored for 90 days and viewable under <strong>WAF Events</strong> in the sidebar.
Events only appear when the engine is set to <em>On (Blocking)</em> — Detection Only mode matches rules without blocking and produces no events here.
WAF events are stored for 90 days and viewable under <strong>WAF Events</strong> in the sidebar.
</Alert>
<Box sx={{ display: "flex", justifyContent: "flex-end" }}>
<Button type="submit" variant="contained">
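Review bot: the replacement Alert text drops the sentence explaining when events do and do not appear, but that information is still relevant after the change: with the engine set to "Off" no events are recorded, and a user who sees an empty WAF Events page has no hint in this dialog as to why. Suggest keeping a shortened clause, for example `WAF events are stored for 90 days and viewable under <strong>WAF Events</strong> in the sidebar. Events are only recorded while the engine is set to <em>On (Blocking)</em>.`, so the note stays accurate for the two remaining modes without referring to the removed Detection Only mode.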