Pass error details to PHP #162

Open
Simbiat opened this issue Jul 11, 2024 · 4 comments
Simbiat commented Jul 11, 2024

Is it possible to somehow pass the error details to PHP when a request is interrupted by Coraza? I hoped that {http.err.message} would have something, but it seems to show only the generic "interruption triggered". I have custom error pages generated by PHP, and I want to customize them if it's Coraza that interrupts the request. I was not able to find anything in the documentation or anything obvious in the code.

@jcchavezs
Member

Good question. What do you expect to see here and what do you expect it to show? Right now we return a static error https://github.com/corazawaf/coraza-caddy/blob/main/coraza.go#L95

@Simbiat
Author

Simbiat commented Dec 16, 2024

I would prefer to see what rule(s) was triggered. Something similar to what https://sandbox.coreruleset.org/ returns when it blocks a request.

@jptosso
Member

jptosso commented Dec 16, 2024

Coraza processes the response after PHP has finished. You won't be able to access the variables synchronously.
Also, if Coraza aborts, PHP will lose control of the response, and you won't be able to run any code.
The only way would be to use Coraza to redirect the user to an error page and use the transaction ID to retrieve the errors somehow.
I personally suggest you use custom error pages from Caddy.

@Simbiat
Author

Simbiat commented Dec 16, 2024

I guess I am a magician then, since with my config I am able to get {http.err.message}, which I pass to PHP and can react to if needed, but I always get "interruption triggered". For example, send some POST request with system() to https://www.simbiat.dev/api/fftracker/characters and you will get:

```json
{
  "status": 403,
  "reason": "interruption triggered"
}
```
Which is coming from my PHP code. But again, this is not useful, since it's too generic and in some cases it is difficult to debug and understand what exactly blocked the request and why; hence this ticket was raised.
