
Step-by-Step Guide: Integrating Coraza WAF Plugin with Traefik on Docker Swarm

Prerequisites

  • A working Docker Swarm cluster.
  • Traefik configured on the management_net overlay network.
  • Basic knowledge of Traefik’s static and dynamic configuration files.

Part 1: Adding the Coraza WAF Plugin to Traefik

We will integrate the Coraza WAF plugin into Traefik to block access to a specific path (/admin) and log denied requests.


Step 1: Modify the static.toml Configuration

The first step is to enable the Coraza WAF plugin in Traefik's static configuration (the static.toml file). This file defines Traefik's core settings and is read only at startup, so any change to it requires a restart of Traefik.

[experimental.plugins]
  [experimental.plugins.coraza]
    moduleName = "github.com/jcchavezs/coraza-http-wasm-traefik"
    version = "v0.2.2"

This registers the plugin under the name coraza, which is the name the middleware refers to in the dynamic configuration. Two things to check before moving on: this is a WebAssembly (Wasm) plugin, and Traefik only supports Wasm plugins from v3 onwards, so the Traefik image must be v3 or newer; and Traefik downloads the plugin from GitHub when it starts, so the Traefik service needs outbound network access on its first start (the download is kept in the plugins-storage directory).


Step 2: Configure Middleware in the dynamic.toml

Next, define the Coraza WAF middleware in the dynamic.toml file. This middleware will block access to /admin and log the event.

[http.middlewares]
  [http.middlewares.coraza-waf.plugin.coraza]
    directives = [
      "SecRuleEngine On",
      "SecDebugLog /dev/stdout",
      "SecDebugLogLevel 9",
      "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,log,deny,status:403\""
    ]
  • SecRuleEngine On: Activates the WAF engine. While tuning rules, SecRuleEngine DetectionOnly logs matches without blocking anything.
  • SecDebugLog /dev/stdout and SecDebugLogLevel 9: Send the engine's debug log to the container's stdout (readable with docker service logs) at the most verbose level. Level 9 traces every evaluation step, which is useful for a first test but far too noisy for production; lower it (for example to 3) once the rule works.
  • SecRule REQUEST_URI "@streq /admin": Checks whether the request URI is exactly /admin. @streq is an exact string comparison and REQUEST_URI includes the query string, so /admin/, /admin/users or /admin?x=1 are not matched by this rule. To protect the whole path prefix, use the @beginsWith operator (or an @rx regular expression) instead.
  • Actions: id:101 gives the rule a unique ID (required for every rule), phase:1 evaluates it as soon as the request headers are available, log records the match, and deny together with status:403 rejects the request with a 403 Forbidden response.


Step 3: Deploy the Middleware on Docker Swarm

Now create a docker-compose.yml stack file that deploys Traefik and the services behind it on Docker Swarm, with one replica attached to the management_net overlay network and the static and dynamic configuration files read from the Gluster mount.

The following excerpt shows how to attach the middleware to an example service called "whoami". Note that the middleware itself is defined in dynamic.toml (the file provider), so the service only needs to reference it on its router; a label that merely repeats the middleware's directives key does not attach anything.

services:
  whoami:
    image: traefik/whoami
    networks:
      - management_net
    deploy:
      replicas: 1
      labels:
        # Required if exposedByDefault is false in the Traefik provider config
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`whoami.aeoneros.com`)"
        # Swarm mode cannot detect the container port, so it must be declared
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        # Attach the middleware defined in dynamic.toml: <name>@<provider>
        - "traefik.http.routers.whoami.middlewares=coraza-waf@file"

networks:
  management_net:
    external: true

Deploy the stack to Docker Swarm with the following command:

docker stack deploy -c docker-compose.yml waf_stack

This deploys whoami as a service in Docker Swarm with the Coraza WAF middleware applied to its router: a request to /admin is answered with 403 Forbidden and logged, while every other path is passed through to the service.
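To see the three steps as one deployable unit, here is a complete stack file added as an illustration; it is not taken from the original page or from the plugin project. It runs Traefik v3 (needed for the Wasm plugin) next to whoami, mounts static.toml and dynamic.toml from the Gluster mount, persists the downloaded plugin, and attaches the middleware through the file provider. The image tag traefik:v3.1, the Gluster path /mnt/gluster/traefik, the entrypoint name web and the use of --configFile are assumptions; static.toml is expected to contain the plugin block from Step 1 plus a swarm provider and a file provider pointing at /etc/traefik/dynamic.toml.

```yaml
# Added example stack file (not from the original page).
# Assumptions: Traefik v3 image, config files under /mnt/gluster/traefik on
# every manager node, and an HTTP entrypoint named "web" defined in static.toml.
services:
  traefik:
    image: traefik:v3.1
    command:
      # static.toml is the file from Step 1; it must also declare the swarm
      # provider and a file provider that loads /etc/traefik/dynamic.toml
      - "--configFile=/etc/traefik/static.toml"
    ports:
      - target: 80
        published: 80
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/gluster/traefik/static.toml:/etc/traefik/static.toml:ro
      - /mnt/gluster/traefik/dynamic.toml:/etc/traefik/dynamic.toml:ro
      # Traefik downloads the Coraza plugin into this directory on first
      # start; persisting it avoids a fresh GitHub download on every restart
      - /mnt/gluster/traefik/plugins-storage:/plugins-storage
    networks:
      - management_net
    deploy:
      replicas: 1
      placement:
        constraints:
          # The Docker socket is only usable on manager nodes
          - node.role == manager

  whoami:
    image: traefik/whoami
    networks:
      - management_net
    deploy:
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.rule=Host(`whoami.aeoneros.com`)"
        - "traefik.http.routers.whoami.entrypoints=web"
        # Swarm mode cannot detect the container port, so declare it explicitly
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        # Middleware defined in dynamic.toml is referenced as <name>@file
        - "traefik.http.routers.whoami.middlewares=coraza-waf@file"

networks:
  management_net:
    external: true
```

After `docker stack deploy -c docker-compose.yml waf_stack`, verify the rule from any host that can reach a manager node: `curl -sI -H 'Host: whoami.aeoneros.com' http://<manager-ip>/admin` should return HTTP 403, while the same request for `/` returns 200 with the whoami output. `docker service logs waf_stack_traefik` shows the SecDebugLog lines for the denied request, and a failed plugin download will also show up there at startup.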