caddy-proxy-manager

akanealw/caddy-proxy-manager

Fork 0

Commit Graph

Author	SHA1	Message	Date
akanealw	99819b70ff	added caddy-proxy-manager for testing Some checks failed Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled Details Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled Details Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled Details Tests / test (push) Has been cancelled Details	2026-04-21 22:49:08 +00:00
fuomag9	e06b41b604	fix WAF detection mode and payload logging - DetectionOnly mode: add SecAction to set anomaly score thresholds to 9999999 so rule 949110/980130 never fires; works around coraza-caddy bug where is_interrupted=true still causes a 403 in detection mode - Switch SecAuditEngine back to On (from RelevantOnly) so DetectionOnly hits are captured, now safe because body parts are excluded - SecAuditLogParts: ABIJDEFHZ → ABFHZ, dropping request body (I), multipart files (J), intermediate response headers (D), and response body (E) — prevents multi-MB payloads being written to audit log - Parser: store both blocked and detected events; filter on rule matched OR is_interrupted instead of is_interrupted only - Add blocked column to waf_events (migration 0014); existing rows default to blocked=true - WAF Events UI: Blocked/Detected chip in table and drawer header - Fix misleading help text that said to use Detection Only to observe traffic before blocking Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-06 15:32:56 +01:00

Author

SHA1

Message

Date

akanealw

99819b70ff

added caddy-proxy-manager for testing

Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled

Details

Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled

Details

Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled

Details

Tests / test (push) Has been cancelled

Details

2026-04-21 22:49:08 +00:00

fuomag9

e06b41b604

fix WAF detection mode and payload logging

- DetectionOnly mode: add SecAction to set anomaly score thresholds to
  9999999 so rule 949110/980130 never fires; works around coraza-caddy
  bug where is_interrupted=true still causes a 403 in detection mode
- Switch SecAuditEngine back to On (from RelevantOnly) so DetectionOnly
  hits are captured, now safe because body parts are excluded
- SecAuditLogParts: ABIJDEFHZ → ABFHZ, dropping request body (I),
  multipart files (J), intermediate response headers (D), and response
  body (E) — prevents multi-MB payloads being written to audit log
- Parser: store both blocked and detected events; filter on rule matched
  OR is_interrupted instead of is_interrupted only
- Add blocked column to waf_events (migration 0014); existing rows
  default to blocked=true
- WAF Events UI: Blocked/Detected chip in table and drawer header
- Fix misleading help text that said to use Detection Only to observe
  traffic before blocking

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-06 15:32:56 +01:00

2 Commits