coraza: add second Include for runtime-managed local-overrides.conf

2026-05-14 06:51:24 -07:00
parent 753743de20
commit 1f1bc1837e
4 changed files with 8 additions and 0 deletions


@@ -39,6 +39,8 @@ LABEL org.opencontainers.image.title="coraza-spoa-whp" \
COPY --from=build /out/coraza-spoa /coraza-spoa
COPY config.yaml /etc/coraza-spoa/config.yaml
COPY overrides.conf /etc/coraza/overrides.conf
COPY local-overrides.conf /etc/coraza/local-overrides.conf
COPY host-exceptions/ /etc/coraza/host-exceptions/
# Audit log directory — bind-mount /var/log/coraza:/var/log/coraza from host
# so logs persist across container restarts and AI Monitor can tail them.
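Review bot: The `COPY local-overrides.conf /etc/coraza/local-overrides.conf` line (apparently the one this commit adds) bakes in a file that the rest of the commit describes as written at runtime by WHP, yet the only bind mount documented in this hunk is the audit-log directory. If no mount is provided, the container keeps loading the image's empty copy, and anything written inside the container is lost when it is recreated, which is presumably not the intent. I would add a comment above the COPY such as `# Empty default; deployments bind-mount the WHP-written file over it read-only (:ro).` so that the WAF process itself can never modify its own rule overrides. The build stage and the rest of this final stage lie outside the hunk, so the mount may already be documented elsewhere.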


@@ -34,6 +34,9 @@ applications:
# to see exactly what blocks vs what's detect-only.
Include /etc/coraza/overrides.conf
# Runtime-managed overrides written by WHP UI. Empty by default.
Include /etc/coraza/local-overrides.conf
# Global mode: log all alerts, block only what overrides.conf
# explicitly promotes via ctl:ruleEngine=On.
SecRuleEngine DetectionOnly
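Review bot: The comment under the new Include still reads `block only what overrides.conf explicitly promotes via ctl:ruleEngine=On`, which is no longer accurate now that `/etc/coraza/local-overrides.conf` is loaded as well. That file is written by the WHP UI at runtime, so anything with write access to it can change which requests are blocked, and the comments should state this trust boundary. Suggested wording for the mode comment is `# Global mode: log all alerts; block only what overrides.conf or local-overrides.conf promotes.`, and for the Include `# Policy-changing input: writable only by WHP, validated before reload.` It is also worth confirming how Coraza behaves when the included path is missing or unreadable (for example a mis-specified mount), since a failed Include could keep the configuration from loading; that handling is not visible here.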


@@ -0,0 +1,3 @@
# AUTOGENERATED by WHP — do not hand-edit.
# Source of truth: whp.security_db coraza_rule_overrides table.
# Empty file = no runtime overrides; baked-in overrides.conf governs.