From cf044185ac9e5120bf2df346fdb1976ca4d8de90 Mon Sep 17 00:00:00 2001
From: AnsibleGuy
Date: Sat, 28 Dec 2024 17:39:14 +0100
Subject: [PATCH] coraza waf fixes
---
 README.md | 1 +
 tasks/debian/app.yml | 5 +++--
 templates/etc/haproxy/waf-coraza-spoe.cfg.j2 | 5 ++++-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index b0a418c..af557f9 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,7 @@ http-request set-var(txn.waf_app) str(app1) if { req.hdr(host) -i -m str ansible
 http-request set-var(txn.waf_app) str(default) if !{ var(txn.waf_app) -m found }
 filter spoe engine coraza config /etc/haproxy/waf-coraza-spoe.cfg
+http-request send-spoe-group coraza coraza-req
 ```
 ### Result
diff --git a/tasks/debian/app.yml b/tasks/debian/app.yml
index c8499f8..2e05978 100644
--- a/tasks/debian/app.yml
+++ b/tasks/debian/app.yml
@@ -25,8 +25,9 @@
 mode: 0750
 - name: "HAProxy WAF | Apps | {{ waf_app_name }} | Add rules {{ waf_app.ruleset_version }}"
- ansible.builtin.command: |
- cp -r {{ waf_app_rules_default_dir }}/rules/@owasp_crs {{ crs_dir }}
+ ansible.builtin.shell: |
+ cp -r {{ waf_app_rules_default_dir }}/rules/@owasp_crs {{ crs_dir }} &&
+ chown -R root:{{ WAF_HC.user }} {{ crs_dir }}
 args:
 creates: "{{ crs_dir }}"
 vars:
diff --git a/templates/etc/haproxy/waf-coraza-spoe.cfg.j2 b/templates/etc/haproxy/waf-coraza-spoe.cfg.j2
index 00db542..7aac3f3 100644
--- a/templates/etc/haproxy/waf-coraza-spoe.cfg.j2
+++ b/templates/etc/haproxy/waf-coraza-spoe.cfg.j2
@@ -8,6 +8,7 @@ spoe-agent coraza-agent
 {% else %}
 messages coraza-req
 {% endif %}
+ groups coraza-req
 option var-prefix {{ WAF_CONFIG.spoa.var_prefix }}
 option set-on-error error
 timeout hello {{ WAF_CONFIG.spoa.timeout.hello }}
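Review bot: The `chown -R root:{{ WAF_HC.user }} {{ crs_dir }}` added to the task only runs when `creates: "{{ crs_dir }}"` lets the shell execute at all, so ownership is set once on first creation and never corrected on later runs where the directory already exists; switching to `ansible.builtin.shell` also means any shell metacharacter in `crs_dir` or `WAF_HC.user` (role-controlled vars, presumably, but unquoted) is now interpreted by a shell. I would keep the copy as a plain `command` and move the ownership into a separate, idempotent `ansible.builtin.file` task that runs every time and needs no shell. That second task presumably needs the same `vars:` as the copy task, since the `vars:` block continues past this hunk and `crs_dir` appears to be defined there.
```yaml
- name: "HAProxy WAF | Apps | {{ waf_app_name }} | Add rules {{ waf_app.ruleset_version }}"
  ansible.builtin.command: |
    cp -r {{ waf_app_rules_default_dir }}/rules/@owasp_crs {{ crs_dir }}
  args:
    creates: "{{ crs_dir }}"
  # … unchanged: vars …

- name: "HAProxy WAF | Apps | {{ waf_app_name }} | Set rule ownership {{ waf_app.ruleset_version }}"
  ansible.builtin.file:
    path: "{{ crs_dir }}"
    state: directory
    owner: root
    group: "{{ WAF_HC.user }}"
    recurse: true
  # … same vars as the copy task …
```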
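Review bot: The new `groups coraza-req` line, together with the removal of `event on-backend-http-request` from the `coraza-req` message further down in this diff, means a request is only inspected where the proxy configuration explicitly issues `http-request send-spoe-group coraza coraza-req` (the README hunk shows it); a frontend or backend that lacks that line is silently passed through un-inspected, so the WAF now fails open on a missing config line rather than only on an agent error. That deserves a comment in the template directly above the new line, e.g. `# coraza-req is only dispatched via 'http-request send-spoe-group coraza coraza-req'; a proxy section without that line bypasses the WAF`. The `coraza-req` message is also still listed under `messages` in both template branches although it no longer carries an `event`; I believe HAProxy warns about a listed message without an event and ignores it there, so it is worth checking the startup log and dropping it from `messages` if that is the case. The `spoe-agent coraza-agent` section this hunk sits in starts before the hunk.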
@@ -18,7 +19,9 @@ spoe-agent coraza-agent
 spoe-message coraza-req
 args app=var({{ WAF_HC.app_var }}) src-ip=src src-port=src_port dst-ip=dst dst-port=dst_port method=method path=path query=query version=req.ver headers=req.hdrs body=req.body
- event on-backend-http-request
+
+spoe-group coraza-req
+ messages coraza-req
 {% if WAF_CONFIG.response_check | bool %}
 spoe-message coraza-res