mirror of
https://github.com/fabriziosalmi/caddy-waf.git
synced 2025-12-23 14:17:45 -05:00
75 lines
1.7 KiB
Plaintext
75 lines
1.7 KiB
Plaintext
# Example Caddyfile showing caddy-waf module usage
|
|
# This is a basic configuration example for the Caddy WAF middleware
|
|
|
|
{
|
|
auto_https off
|
|
admin localhost:2019
|
|
}
|
|
|
|
# Example 1: Basic WAF setup
|
|
example.com {
|
|
# Enable WAF protection with basic configuration
|
|
waf {
|
|
# Rule file for WAF rules
|
|
rule_file rules.json
|
|
|
|
# IP blacklist file
|
|
ip_blacklist_file ip_blacklist.txt
|
|
|
|
# DNS blacklist file
|
|
dns_blacklist_file dns_blacklist.txt
|
|
|
|
# Metrics endpoint
|
|
metrics_endpoint /waf_metrics
|
|
|
|
# Anomaly threshold
|
|
anomaly_threshold 10
|
|
|
|
# Log settings
|
|
log_level info
|
|
log_file waf.log
|
|
}
|
|
|
|
# Your web application
|
|
respond "Hello, World! Protected by Caddy WAF"
|
|
}
|
|
|
|
# Example 2: Advanced WAF configuration with rate limiting
|
|
api.example.com {
|
|
waf {
|
|
rule_file rules.json
|
|
ip_blacklist_file ip_blacklist.txt
|
|
dns_blacklist_file dns_blacklist.txt
|
|
metrics_endpoint /waf_metrics
|
|
|
|
# Rate limiting configuration
|
|
rate_limit {
|
|
requests 100
|
|
window 10s
|
|
paths "/api/*" "/admin/*"
|
|
}
|
|
|
|
# Country blocking
|
|
country_block {
|
|
enabled true
|
|
countries CN RU
|
|
geoip_db_path GeoLite2-Country.mmdb
|
|
}
|
|
|
|
# Custom response for blocked requests
|
|
custom_response {
|
|
status_code 403
|
|
body "Access Denied by WAF"
|
|
}
|
|
|
|
# Anomaly threshold
|
|
anomaly_threshold 15
|
|
|
|
# Logging
|
|
log_level debug
|
|
log_file api_waf.log
|
|
log_json true
|
|
}
|
|
|
|
reverse_proxy localhost:8080
|
|
} |