Merge pull request #171 from coreruleset/develop
New image with latest changes
Showing
9 changed files
with
25 additions
and
12 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -99,6 +99,7 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \ | |
MODSEC_RESP_BODY_LIMIT_ACTION="ProcessPartial" \ | ||
MODSEC_RESP_BODY_MIMETYPE="text/plain text/html text/xml" \ | ||
MODSEC_RULE_ENGINE=on \ | ||
MODSEC_SERVER_SIGNATURE="Apache" \ | ||
MODSEC_STATUS_ENGINE="Off" \ | ||
MODSEC_TAG=modsecurity \ | ||
MODSEC_TMP_DIR=/tmp/modsecurity/tmp \ | ||
|
@@ -118,6 +119,8 @@ ENV APACHE_ALWAYS_TLS_REDIRECT=off \ | |
REQ_HEADER_FORWARDED_PROTO='https' \ | ||
SERVER_ADMIN=root@localhost \ | ||
SERVER_NAME=localhost \ | ||
SERVER_SIGNATURE=Off \ | ||
SERVER_TOKENS=Full \ | ||
SSL_CIPHER_SUITE="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \ | ||
SSL_ENGINE=on \ | ||
SSL_HONOR_CIPHER_ORDER=off \ | ||
|
@@ -173,7 +176,8 @@ RUN set -eux; \ | |
mkdir -p /var/log/apache2/; \ | ||
ln -s /opt/owasp-crs /etc/modsecurity.d/; \ | ||
sed -i -E 's|(Listen) [0-9]+|\1 ${PORT}|' /usr/local/apache2/conf/httpd.conf; \ | ||
sed -i -E 's|(ServerTokens) Full|\1 Prod|' /usr/local/apache2/conf/extra/httpd-default.conf; \ | ||
sed -i -E 's|(ServerTokens) Full|\1 ${SERVER_TOKENS}|' /usr/local/apache2/conf/extra/httpd-default.conf; \ | ||
sed -i -E 's|(ServerSignature) Off|\1 ${SERVER_SIGNATURE}|' /usr/local/apache2/conf/extra/httpd-default.conf; \ | ||
sed -i -E 's|#(ServerName) www.example.com:80|\1 ${SERVER_NAME}|' /usr/local/apache2/conf/httpd.conf; \ | ||
sed -i -E 's|(ServerAdmin) [email protected]|\1 ${SERVER_ADMIN}|' /usr/local/apache2/conf/httpd.conf; \ | ||
sed -i -E 's|^(\s*CustomLog)(\s+\S+)+|\1 ${ACCESSLOG} modsec "env=!nologging"|g' /usr/local/apache2/conf/httpd.conf; \ | ||
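Review bot: The new ENV default `SERVER_TOKENS=Full` loosens what the image shipped before. The removed sed line rewrote `ServerTokens Full` to `Prod`, while the new one writes `${SERVER_TOKENS}`, which with this default resolves back to `Full`, so the Server response header would again advertise the full version and module banner unless the operator overrides the variable. Keeping the previous behaviour as the default would be `SERVER_TOKENS=Prod \` in the ENV block, leaving `Full` as an explicit opt-in. The sed expressions are single-quoted, so the literal `${SERVER_TOKENS}` and `${SERVER_SIGNATURE}` land in httpd-default.conf and are presumably resolved by httpd from the container environment at start-up; a one-line comment above the two sed lines saying so would save the next reader from assuming build-time substitution. The RUN instruction begins and continues outside the hunk.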
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ ARG NGINX_VERSION="1.24.0" | |
|
||
FROM nginx:${NGINX_VERSION} as build | ||
|
||
ARG MODSEC_VERSION=3.0.8 \ | ||
ARG MODSEC_VERSION=3.0.10 \ | ||
LMDB_VERSION=0.9.29 | ||
|
||
# Note: libpcre3-dev (PCRE 1) is required by the build description, | ||
|
@@ -95,7 +95,7 @@ RUN set -eux; \ | |
|
||
FROM nginx:${NGINX_VERSION} | ||
|
||
ARG MODSEC_VERSION=3.0.8 \ | ||
ARG MODSEC_VERSION=3.0.10 \ | ||
LMDB_VERSION=0.9.29 | ||
|
||
LABEL maintainer="Felipe Zipitria <[email protected]>" | ||
|
@@ -152,6 +152,7 @@ ENV ACCESSLOG=/var/log/nginx/access.log \ | |
PROXY_SSL_VERIFY=off \ | ||
PROXY_SSL_OCSP_STAPLING=off \ | ||
SERVER_NAME=localhost \ | ||
SERVER_TOKENS=off \ | ||
SSL_PORT=443 \ | ||
TIMEOUT=60s \ | ||
WORKER_CONNECTIONS=1024 \ | ||
|
@@ -177,8 +178,7 @@ COPY src/etc/modsecurity.d/setup.conf /etc/nginx/templates/modsecurity.d/setup.c | |
COPY nginx/docker-entrypoint.d/*.sh /docker-entrypoint.d/ | ||
COPY src/opt/modsecurity/activate-plugins.sh /docker-entrypoint.d/94-activate-plugins.sh | ||
COPY src/opt/modsecurity/activate-rules.sh /docker-entrypoint.d/95-activate-rules.sh | ||
# We use the templating mechanism from the nginx image here, | ||
# as set up by owasp/modsecurity-docker | ||
# We use the templating mechanism from the nginx image here. | ||
COPY nginx/templates /etc/nginx/templates/ | ||
COPY src/bin/* /usr/local/bin/ | ||
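Review bot: `ARG MODSEC_VERSION=3.0.10` is repeated with its value in both the build stage and the final stage of this file, and twice more in the alpine Dockerfile below. The old values in this commit (3.0.8 here, 3.0.9 there) show the copies had already drifted apart. Since the file already declares `ARG NGINX_VERSION` before the first `FROM`, the default could be declared once there as `ARG MODSEC_VERSION=3.0.10`, with each stage carrying a bare `ARG MODSEC_VERSION` (and likewise `LMDB_VERSION`). A future bump then cannot leave one stage or image variant on an older ModSecurity release.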
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ ARG NGINX_VERSION="1.24.0" | |
|
||
FROM nginx:${NGINX_VERSION}-alpine as build | ||
|
||
ARG MODSEC_VERSION=3.0.9 | ||
ARG MODSEC_VERSION=3.0.10 | ||
|
||
# Note: pcre-dev (PCRE 1) is required by the build description, | ||
# even though the build will use PCRE2. | ||
|
@@ -90,7 +90,7 @@ RUN set -eux; \ | |
|
||
FROM nginx:${NGINX_VERSION}-alpine | ||
|
||
ARG MODSEC_VERSION=3.0.9 | ||
ARG MODSEC_VERSION=3.0.10 | ||
|
||
LABEL maintainer="Felipe Zipitria <[email protected]>" | ||
|
||
|
@@ -146,6 +146,7 @@ ENV ACCESSLOG=/var/log/nginx/access.log \ | |
PROXY_SSL_VERIFY=off \ | ||
PROXY_SSL_OCSP_STAPLING=off \ | ||
SERVER_NAME=localhost \ | ||
SERVER_TOKENS=off \ | ||
SSL_PORT=443 \ | ||
TIMEOUT=60s \ | ||
WORKER_CONNECTIONS=1024 \ | ||
|
@@ -165,8 +166,7 @@ COPY --from=build /usr/share/TLS/dhparam-* /etc/ssl/certs/ | |
COPY --from=build /etc/modsecurity.d/unicode.mapping /etc/modsecurity.d/unicode.mapping | ||
COPY --from=build /etc/modsecurity.d/modsecurity.conf /etc/modsecurity.d/modsecurity.conf | ||
COPY --from=crs_release /opt/owasp-crs /opt/owasp-crs | ||
# We use the templating mechanism from the nginx image here, | ||
# as set up by owasp/modsecurity-docker | ||
# We use the templating mechanism from the nginx image here. | ||
COPY nginx/templates /etc/nginx/templates/ | ||
COPY src/etc/modsecurity.d/modsecurity-override.conf /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template | ||
COPY src/etc/modsecurity.d/setup.conf /etc/nginx/templates/modsecurity.d/setup.conf.template | ||
|