Rust bindings and Envoy dynamic module for coraza.
- coraza-sys: Raw bindings to coraza using the official libcoraza library (included as a git submodule) generated with bindgen
- coraza-rs: An idiomatic, safe API built on top of
coraza-sys - coraza-dynamic-module: A dynamic module loadable by Envoy
- Install dependencies (Rust, Golang, and autotools). See the Dockerfile for details.
- Clone the repository with submodules (required for the official libcoraza dependency):
If you've already cloned the repository, initialize and update submodules:
git clone --recursive <repository-url>
git submodule update --init --recursive
- Build the release version:
The dynamic module will be created in the Cargo build cache.
cargo build --release
See the examples directory for a minimal working example with test script.
- Build the Docker image:
docker build -t envoy-with-coraza-module:latest . - Run the end-to-end tests:
cd e2e && go test ./...
FTW (Framework for Testing WAFs) tests validate WAF rule behavior using the OWASP CRS regression test suite.
- Build the Docker image:
docker build -t envoy-with-coraza-module:latest . - Run FTW tests:
cd ftw docker compose build --pull docker compose run --rm ftw
The CRS rules are embedded in Coraza via rootfs, so no manual rule setup is required.