mirror/caddy-waf
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/caddy-waf.git synced 2025-12-23 14:17:45 -05:00
Code Issues Packages Projects Releases Wiki Activity
646 Commits 3 Branches 12 Tags
main
Commit Graph

646 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fabrizio Salmi
571d095028 fix: restore full request body for large payloads (closes #76) v0.1.5 2025-12-08 07:30:22 +01:00
Fabrizio Salmi
d3f918c4c4 build: upgrade to Go 1.25 and Caddy v2.10.2 (security fix) v0.1.4 2025-12-06 23:15:40 +01:00
Fabrizio Salmi
5c5f32741c docs: release v0.1.4 preparation (changelog, security, readme) 2025-12-06 23:13:17 +01:00
Fabrizio Salmi
0a96f22563 style: fix imports ordering for gci linter v0.1.3 2025-12-06 23:08:54 +01:00
Fabrizio Salmi
12d70c0eec fix: use Go 1.24 and compatible quic-go v0.48.2 2025-12-06 23:03:23 +01:00
Fabrizio Salmi
83a4df7e65 fix: downgrade Caddy to v2.9.1 to resolve Go 1.25 requirement 2025-12-06 23:00:53 +01:00
Fabrizio Salmi
05152510f5 ci: fix release workflow (go 1.23 + gh cli) 2025-12-06 22:59:32 +01:00
Fabrizio Salmi
5928ff4210 ci: fix go version and bump to v0.1.3 2025-12-06 22:55:55 +01:00
Fabrizio Salmi
78f0066cb8 docs: update documentation for v0.1.2 (ASN, SOTA, Issues fixed) v0.1.2 2025-12-06 22:53:33 +01:00
Fabrizio Salmi
00c547e2a3 refactor: apply SOTA patterns (Atomic HitCount, Zero-Copy Body, Low-Lock RateLimit) 2025-12-06 22:52:01 +01:00
Fabrizio Salmi
c29a7ce9aa chore: bump version to v0.1.0 v0.1.0 2025-12-06 22:47:03 +01:00
Fabrizio Salmi
eea39d253b Security: Implement hardening improvements (LimitReader, GeoIP Fail-Open, UI Decoupling, Go Version) 2025-12-06 22:46:11 +01:00
Fabrizio Salmi
5d57051169 Style: Fix Code Formatting (go fmt) 2025-12-06 22:39:53 +01:00
Fabrizio Salmi
47e05e907e Fix: Update CI to use test.caddyfile, block Nikto, and use stable GeoIP URL 2025-12-06 22:37:32 +01:00
Fabrizio Salmi
1c9b6a287d Refactor: Fix absolute path in test.caddyfile and resolve TODO in .golangci.yml 2025-12-06 22:28:18 +01:00
Fabrizio Salmi
b3d3d5692c Fix: Address security alerts and bump version to v0.0.9 v0.0.9 2025-12-06 22:26:16 +01:00
fab
a179255b3f Merge pull request #72 from fabriziosalmi/dependabot/go_modules/go_modules-eb6ae95bef 
Bump github.com/smallstep/certificates from 0.28.4 to 0.29.0 in the go_modules group across 1 directory
 2025-12-06 22:19:13 +01:00
Fabrizio Salmi
1da1fea22b Feat: Implement ASN Blocking (#73) 2025-12-06 22:18:10 +01:00
Fabrizio Salmi
34d7a29119 Fix: restore request body after reading (#76) 2025-12-06 22:14:28 +01:00
fab
66685526e5 Merge pull request #75 from cyqlelabs/main 
fix: config initialization
 2025-12-06 22:11:33 +01:00
Nicolas Iglesias
971bc53f8a fix: config initialization 2025-12-06 15:48:28 -03:00
dependabot[bot]
937808048b Bump github.com/smallstep/certificates 
Bumps the go_modules group with 1 update in the / directory: [github.com/smallstep/certificates](https://github.com/smallstep/certificates).


Updates `github.com/smallstep/certificates` from 0.28.4 to 0.29.0
- [Release notes](https://github.com/smallstep/certificates/releases)
- [Changelog](https://github.com/smallstep/certificates/blob/master/CHANGELOG.md)
- [Commits](https://github.com/smallstep/certificates/compare/v0.28.4...v0.29.0)

---
updated-dependencies:
- dependency-name: github.com/smallstep/certificates
  dependency-version: 0.29.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-04 00:56:01 +00:00
fab
b9fe9ddbb3 Merge pull request #71 from fabriziosalmi/dependabot/go_modules/go_modules-dd7da38a6b 
Bump golang.org/x/crypto from 0.43.0 to 0.45.0 in the go_modules group across 1 directory
 2025-12-03 22:32:11 +01:00
dependabot[bot]
db95a9b2ed Bump golang.org/x/crypto in the go_modules group across 1 directory 
Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.43.0 to 0.45.0
- [Commits](https://github.com/golang/crypto/compare/v0.43.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 02:43:20 +00:00
fab
e98fd16392 Merge pull request #70 from drev74/fix/lint 
feat(ci): add golangci-lint to flow
 2025-10-23 15:13:37 +02:00
drev74
65f8c8a62f refactor(ci): add linter to flow 2025-10-22 23:11:44 +03:00
drev74
c8c0fed9e2 fix: lint errors 2025-10-22 23:04:48 +03:00
fab
06a496e3d3 Update WAF version to v0.0.8 v0.0.8 2025-10-20 17:48:43 +02:00
fab
a71b182158 Merge pull request #69 from drev74/fix/caddy-config 
fix: solve integration issue with Caddy server
 2025-10-20 17:43:59 +02:00
drev74
cf7c995137 fix: add trie instantiation on top 
test(it): add blacklisting test with real data
 2025-10-19 22:32:58 +03:00
fabriziosalmi
14e4de4b66 chore: update WAF version to v0.0.7 v0.0.7 2025-10-16 01:03:55 +02:00
fab
8b702b4281 Update test workflow badge in README.md 2025-10-16 01:03:16 +02:00
fabriziosalmi
1c32e928f1 refactor: enhance IP blacklist handling and add panic recovery in middleware 2025-10-16 00:58:51 +02:00
fab
f45e8331cc Refactor IP extraction and handling in get_blacklisted_ip.py 
The Caddy server was panicking on startup due to a data format mismatch.
The `caddy-waf` Go module expects IP addresses in CIDR notation (e.g., `1.2.3.4/32`) for its blacklist, but the `get_blacklisted_ip.py` script was generating a list of plain IPs.

This commit updates the Python script to:
- Append `/32` to all individual IPv4 addresses.
- Append `/128` to all individual IPv6 addresses.
- Preserve existing CIDR ranges from source blocklists.

This ensures the generated `ip_blacklist.txt` is in the correct format required by the Go module, resolving the `netip.ParsePrefix` panic.
 2025-10-16 00:42:00 +02:00
fab
fa7f421773 Merge pull request #67 from drev74/refactor/blocking-priorities 
refactor: blocking priorities
 2025-10-16 00:35:24 +02:00
drev74
1a65ea7049 doc: add priorities to geoblocking 2025-10-14 22:20:02 +03:00
drev74
a77a2d2e36 refactor: update priorities for block/allow actions 2025-10-14 22:13:02 +03:00
fab
63ca645404 Update build-run-validate.yml 2025-10-12 23:59:05 +02:00
fab
1207bd7a6d Merge pull request #65 from drev74/test/blocking 
feat: impl country whitelisting
 2025-10-12 19:33:38 +02:00
drev74
5c8d13199b chore: renamed country block to country blacklisting for consistency 2025-10-12 16:04:26 +03:00
drev74
8be3863b48 feat: impl whitelisting and test 2025-10-12 15:57:33 +03:00
drev74
1e5d6d9e3d test: upd geoIP test 2025-10-12 14:20:43 +03:00
drev74
2e6aa32858 test: refactor custom responses 2025-10-12 13:27:29 +03:00
drev74
145feb4bf8 test: upd ip blacklist test 2025-10-12 13:12:13 +03:00
fab
485c86fdbc Merge pull request #64 from drev74/feat/lint 
feat: add golangci linter rules
 2025-10-11 23:50:47 +02:00
fab
08021ee7e0 Merge pull request #63 from drev74/refactor/ci 
refactor(ci): upd flow
 2025-10-11 23:50:29 +02:00
drev74
27abae69ea feat: add golangci linter rules 2025-10-11 22:36:20 +03:00
drev74
2fffae5d18 refactor(ci): upd flow 2025-10-11 22:16:36 +03:00
fab
8d5af6be5f Merge pull request #62 from drev74/refactor/trie 
refactor: move to external trie
 2025-10-11 09:54:19 +02:00
drev74
7938023ed1 refactor(trie): switched to an ext implementation 2025-10-10 23:50:13 +03:00