coraza-caddy is working on sandbox ?

[Barnoux]

Describe the bug

I aimed to troubleshoot a false positive for a CRS rule on my coraza-caddy instance and wished to compare my results with the sandbox proposed by OWASP. However, when doing the query, in the response header of the server, it appears that the backend is marked as invalid, leading to a fallback to Apache Nightly.

open a terminal in Linux, and run this command line

curl -v -H "x-backend: coraza-caddy"   -H "x-format-output: json-matched-rules"   -H "x-crs-paranoia-level: 3"   https://sandbox.coreruleset.org/?file=/etc/passwd | jq .

Expected behaviour

We should have a reponse processed by coraza-caddy

Actual behaviour

After running the previous command, i got in the following response from the sandbox server :

> GET /?file=/etc/passwd HTTP/1.1
> Host: sandbox.coreruleset.org
> User-Agent: curl/7.88.1
> Accept: */*
> x-backend: coraza-caddy
> x-format-output: json-matched-rules
> x-crs-paranoia-level: 3
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [124 bytes data]
< HTTP/1.1 200 OK
< Date: Sun, 03 Mar 2024 20:58:26 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Unique-ID: ZeTkclGUhYyF4lJGamKOXQAAAMs
< x-backend: invalid, fallback to apache-nightly

[fzipi]

Not yet, I need to work on it.

[fzipi]

Started to work on this one, expect news for next monthly meeting (June).