EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

WAF translation

merge-requests/85/head
Aleix Quintana Alsius 2023-04-23 17:23:42 +00:00
parent b63cb092f9
commit 54bf31a066
1 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
docs/waf-modsecurity.md Normal file
View File

@ -0,0 +1,46 @@
# DD - Apache2 ModSecurity + HAProxy
Installation of Apache2 ModSecurity and HAProxy.
* In Apache2 with ModSecurity V3 enabled are included the OWASP rules.
* HAProxy service acts as application frontend and administers and negotiates the SSL domain certificate using Letsencrypt.
* Modsecurity is disabled by default when installing DD.
* The installation can be done with or without WAF part.
* If you have installed WAF you can set in bypass mode or enabled mode.
## Apache - ModSecurity
You can find the service definition in `dd-sso/docker/waf-modsecurity`.
There are different files to set up this service:
* `000-default.conf` contains Apache2 web service settings.
* `crs-setup.conf` is where is configured the OWASP ModSecurity Core Rule Set ver.3.2.0 .
* `modsec_rules.conf` contains the needed files for owasp service of Apache2.
* `rules_apps.conf` is where are configured the false positives, of different applications, that needs to be detected until the moment.
### Enable/Disable
DD can be used with WAF enabled or disabled, this is set in variable `DISABLE_WAF` in `dd.conf` file.
The default value is `true` (WAF disabled), this will change in the future.
```
# Sample of dd.conf
# Enable WAF
DISABLE_WAF=false
# Disable WAF
DISABLE_WAF=true
```
### Configuration
Changes in `dd.conf` are not immediate, you need to deploy again the DD containers using `dd-ctl`:
```sh
./dd-ctl down
./dd-ctl build
./dd-ctl up
```