File access

[jcchavezs]

traefik/traefik#10739

[attrib]

Will this include the log path SecDebugLog?

[tiran133]

I'm using Traefik 3.2.0 I'm trying to load a file, and it does not seem to work.

Traefik static config

experimental:
  plugins:
    coraza-http-wasm-traefik:
      moduleName: "github.com/jcchavezs/coraza-http-wasm-traefik"
      version: "v0.2.2"
      settings:
        mounts:
          - /coraza

/coraza is mounted from the docker host into the Traefik container

Via volumes:

    volumes:
      - ./coraza:/coraza

The folder coraza contains a file named crs-setup.conf

in the middleware, I'm trying to load the file

http:
  middlewares:
    my-coraza-http-wasm-traefik:
      plugin:
        coraza-http-wasm-traefik:
          crsEnabled: true
          directives:
            - Include ./coraza/crs-setup.conf

I get following error

Failed to initialize WAF: invalid WAF config from string: failed to readfile: open coraza/crs-setup.conf: file does not exist

If I try to load it via - Include /coraza/crs-setup.conf I get:

Failed to initialize WAF: invalid WAF config from string: failed to readfile: read /coraza/crs-setup.conf: invalid name

Any idea?

[jcchavezs]

@tiran133 try Include crs-setup.conf

[tiran133]

Unfortunately not.
Still getting

Failed to initialize WAF: invalid WAF config from string: failed to readfile: open crs-setup.conf: file does not exist

Not sure what's going, but I tried all sorts of combinations to include the file, but it seems that the folder is not mounted.

[jcchavezs]

I see. This sounds more like a traefik issue. José Carlos Chávez

…

On Tue, 29 Oct 2024 at 11:05, tiran133 ***@***.***> wrote: Unfortunately not. Still getting Failed to initialize WAF: invalid WAF config from string: failed to readfile: open crs-setup.conf: file does not exist Not sure what's going, but I tried all sorts of combinations to include the file, but it seems that the folder is not mounted. — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYAXUST3YAUXJJ4GTQKLZ55MXFAVCNFSM6AAAAABIFVR5CWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBTG43TCNZQGU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[tiran133]

Well the implementation is here it looks ok to me, I guess, but I'm not a go expert so not sure.

https://github.com/juliens/traefik/blob/ac0c880b1ffbe7d888a67586397976856cd7fc34/pkg/plugins/middlewarewasm.go#L89

For now, I gave up, and I will use the example file Include @crs-setup.conf.example and overwrite/add everything I need
through the middleware directives: key

[jcchavezs]

you are right. It might not be a traefik issue. Let me put up a fix. José Carlos Chávez

…

On Tue, 29 Oct 2024 at 11:17, tiran133 ***@***.***> wrote: Well the implementation is here it looks ok to me, I guess, but I'm not a go expert so not sure. https://github.com/juliens/traefik/blob/ac0c880b1ffbe7d888a67586397976856cd7fc34/pkg/plugins/middlewarewasm.go#L89 For now, I gave up, and I will use the example file Include @crs-setup.conf.example and overwrite/add everything I need through the middleware directive. — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYAT7WATJUOGFNSMHLP3Z55OETAVCNFSM6AAAAABIFVR5CWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBTHAYDKOBXGU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[jcchavezs]

Done, check 0.3.0

[tiran133]

Great! Thank you for your fast reply!

Can you tag the traefik plugin too?
https://github.com/jcchavezs/coraza-http-wasm-traefik

EDIT:

Just compiled to locally and used the 'localPlugins' for traefik. Still getting the same error.

Failed to initialize WAF: invalid WAF config from string: failed to readfile: open crs-setup.conf: file does not exist

Any combination of mounts and what not, it will not work for me.

Thank you anyway!

[jcchavezs]

Done https://github.com/jcchavezs/coraza-http-wasm-traefik/releases/tag/v0.3.0 José Carlos Chávez

…

On Tue, 29 Oct 2024 at 13:32, tiran133 ***@***.***> wrote: Great! Thank you for your fast reply! Can you tag the traefik plugin too? https://github.com/jcchavezs/coraza-http-wasm-traefik — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYARB4ZZINCFN3OPOAULZ55553AVCNFSM6AAAAABIFVR5CWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBUGA4DEOJQGU> . You are receiving this because you modified the open/close state.Message ID: ***@***.***>

[tiran133]

Thank you.

It is still not working for me. 😮‍💨

[jcchavezs]

I believe the problem comes from corazawaf/coraza#1208. I am testing the fix.

[jcchavezs]

I reopened this issue because I could not find an easy fix for it. I suspect the failure comes from the mounting functionality provided by traefik. When I mount a folder e.g. /etc/coraza/testdata I am not able to access such folder. Creating a wasm function with

package main

import httpwasm "github.com/http-wasm/http-wasm-guest-tinygo/handler"

func main() {
	readDir(httpwasm.Host, ".")
	readDir(httpwasm.Host, "/")
	readDir(httpwasm.Host, "./etc")
	readDir(httpwasm.Host, "/etc")
	readDir(httpwasm.Host, "/etc/my-file")
}

func readDir(host api.Host, dir string) {
	dirEntries, err := os.ReadDir(dir)
	if err == nil {
		host.Log(api.LogLevelError, "=> reading dir"+dir)
		for _, f := range dirEntries {
			host.Log(api.LogLevelError, "reading file"+f.Name())
		}
	} else {
		host.Log(api.LogLevelError, "error reading dir "+err.Error())
	}
}

Fails all the time e2e_traefik_local-1 | 2024-11-13T14:49:22Z ERR github.com/traefik/traefik/v3/pkg/logs/wasm.go:31 > error reading dir open /etc/coraza/testdata: file does not exist

Ping @juliens

[jcchavezs]

Traefik merged a fix for this traefik/traefik#11321. Let's see when they cut a release.