Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to protect Metasploitable using Apache ModSecurity image #305

Open
slava110 opened this issue Dec 7, 2024 · 0 comments
Open

Unable to protect Metasploitable using Apache ModSecurity image #305

slava110 opened this issue Dec 7, 2024 · 0 comments

Comments

@slava110
Copy link

slava110 commented Dec 7, 2024

Hi. I've set up Metasploitable 2 (intentionally exploitable VM image) in a VM connected using bridged network to host. Then I run nmap vulnerability check script using nmap -sV --script vulners <target>. It discovered a bunch of vulnerabilities in VM as it should. Then I started Docker containers with ModSecurity Apache and ModSecurity Nginx using these commands:
docker run -d --name modsec-apache -p 80:8080 -e BACKEND=http://192.168.0.104:80 owasp/modsecurity-crs:apache
docker run -d --name modsec-nginx -p 90:8080 -e BACKEND=http://192.168.0.104:80 owasp/modsecurity-crs:nginx
And run nmap vulnerability tests on localhost
nmap detected multiple vulnerabilities on port 80, but none on port 90.
Does modsecurity-apache protect backend host or do I need to change some settings for it to work?
I've tried setting PORT environment variable, it didn't help (set it to 8080).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@slava110