I'm trying to point to /etc/envoy/coraza-proxy.conf in my envoy proxy config:
- name: envoy.filters.http.wasm
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm
config:
name: coraza-wasm
root_id: coraza
vm_config:
runtime: envoy.wasm.runtime.v8
code:
local:
filename: /etc/envoy/coraza-proxy-wasm.wasm
configuration:
"@type": type.googleapis.com/google.protobuf.StringValue
value: |
{
"directives_map": {
"default": [
"Include /etc/envoy/coraza-proxy.conf",
]
},
"default_directives": "default"
}But I'm ending up with:
[2026-02-06 16:07:52.850][1][critical][wasm] [source/extensions/common/wasm/context.cc:1159] wasm log coraza: Failed to parse directives: invalid WAF config from string: failed to readfile: read /etc/envoy/coraza-proxy.conf: invalid argument
When I change to a non-existing file, it gives another error, so that must not be it. When I keep the file empty or just with a simple SecRuleEngine On line, it gives the same invalid argument message. My .wasm file is also at the same location, which has identical permission structure.
Is this supported and am I doing something wrong?
I'm trying to point to
/etc/envoy/coraza-proxy.confin my envoy proxy config:But I'm ending up with:
When I change to a non-existing file, it gives another error, so that must not be it. When I keep the file empty or just with a simple
SecRuleEngine Online, it gives the sameinvalid argumentmessage. My.wasmfile is also at the same location, which has identical permission structure.Is this supported and am I doing something wrong?