diff --git a/dd-ctl b/dd-ctl
index 61d0594..f293cd6 100755
--- a/dd-ctl
+++ b/dd-ctl
@@ -75,6 +75,8 @@ Generate .orig and .patch files to compare with upstream: ./dd-ctl genpatches Start the project when stopped: ./dd-ctl up Upgrade plugins: ./dd-ctl upgrade-plugins Regenerate docker-compose.yml from conf: ./dd-ctl yml
+ Regenerate docker-compose.yml from conf: ./dd-ctl disable-waf
+ Regenerate docker-compose.yml from conf: ./dd-ctl enable-waf
 EOF
 }
@@ -875,7 +877,7 @@ special_image_tags() {
 enable_waf() {
 # Enable waf
 echo "Enable rules ModSecurity"
- docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-enabled/000-default.conf'
+ docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-available/000-default.conf'
 echo "Done"
 echo "Restart Apache - ModSecurity"
 docker restart dd-waf-apache
@@ -885,7 +887,7 @@ enable_waf() {
 disable_waf() {
 # Enable waf
 echo "Disable rules ModSecurity"
- docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-enabled/000-default.conf'
+ docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-available/000-default.conf'
 echo "Done"
 echo "Restart Apache - ModSecurity"
 docker restart dd-waf-apache
diff --git a/dd-waf/docker-compose-parts/modsecurity.yml b/dd-waf/docker-compose-parts/modsecurity.yml
index 3ef1ac7..e8bc814 100644
--- a/dd-waf/docker-compose-parts/modsecurity.yml
+++ b/dd-waf/docker-compose-parts/modsecurity.yml
@@ -10,6 +10,7 @@ services:
 restart: unless-stopped
 volumes:
 - /etc/localtime:/etc/localtime:ro
- - ${SRC_FOLDER}/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
+ - ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
+ - ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/vhosts:/etc/apache2/sites-available:rw
 networks:
 - dd_net
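Review bot: The two help lines added after `./dd-ctl yml` reuse the description of the `yml` command, so `./dd-ctl disable-waf` and `./dd-ctl enable-waf` are documented as "Regenerate docker-compose.yml from conf". They should describe what the functions later in this diff actually do, e.g. `Disable ModSecurity rule processing in the WAF container: ./dd-ctl disable-waf` and `Enable ModSecurity rule processing in the WAF container: ./dd-ctl enable-waf`. The heredoc this text belongs to begins outside the hunk.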
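Review bot: After this commit `/etc/apache2/sites-available` inside `dd-waf-apache` is a bind mount of `${BUILD_WAF_ROOT_PATH}/docker/modsecurity/vhosts` (modsecurity.yml hunk below), so the `sed -i.orig` on the changed line now rewrites the checked-in vhost file in the host checkout and leaves a `000-default.conf.orig` beside it, and each toggle overwrites that backup, so it does not preserve the committed original. The same applies to the changed line in the `disable_waf` hunk that follows. Since the file is under version control the `.orig` suffix can go, and because `sed` exits 0 whether or not the pattern matched, the result should be verified before "Done" is printed: `docker exec dd-waf-apache grep -q 'modsecurity On' /etc/apache2/sites-available/000-default.conf || { echo "modsecurity directive not found" >&2; return 1; }`. The body of `enable_waf` continues outside the hunk.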
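Review bot: Both bind mounts added here are `:rw`, which gives the WAF container — which, as far as this diff shows, has no `USER` instruction in effect (`USER www-data` is only added commented out in the Dockerfile hunk) — write access to its own rule set and vhost config in the host checkout, so a compromise of the Apache process could weaken or silence the rules persistently. The rules mount has no writer in this diff and should be `:ro`; the vhosts mount only needs `:rw` because `dd-ctl` edits it from inside the container via `docker exec`, and doing that edit on the host path instead would let this mount be `:ro` too. Also, `${BUILD_WAF_ROOT_PATH}` expands to an empty string when unset, yielding `/docker/modsecurity/...` host paths that Compose typically creates as empty directories and mounts over Apache's config; `${BUILD_WAF_ROOT_PATH:?BUILD_WAF_ROOT_PATH must be set}` makes that fail at `up` time instead.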
diff --git a/dd-waf/docker/modsecurity/Dockerfile b/dd-waf/docker/modsecurity/Dockerfile
index 5c933c1..fd4203e 100644
--- a/dd-waf/docker/modsecurity/Dockerfile
+++ b/dd-waf/docker/modsecurity/Dockerfile
@@ -50,12 +50,14 @@ ADD crs-setup.conf /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf
 # Activate ModSecurity
 RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old
-ADD 000-default.conf /etc/apache2/sites-available/
-ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
+#ADD 000-default.conf /etc/apache2/sites-available/
+#ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
 RUN a2enmod proxy_http
-EXPOSE 80
+#EXPOSE 80
+#USER www-data
+#HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail http://localhost || exit 1
 CMD apachectl -D FOREGROUND
 # Testing ModSecurity
diff --git a/dd-waf/docker/modsecurity/rules/dd_rules.conf b/dd-waf/docker/modsecurity/rules/dd_rules.conf
new file mode 100644
index 0000000..0b710b9
--- /dev/null
+++ b/dd-waf/docker/modsecurity/rules/dd_rules.conf
@@ -0,0 +1,4 @@
+Include "/etc/apache2/modsecurity.d/modsecurity.conf"
+Include "/etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf"
+Include "/etc/apache2/modsecurity.d/dd-rules/*.conf"
+Include "/etc/apache2/modsecurity.d/owasp-crs/rules/*.conf"
diff --git a/dd-waf/docker/modsecurity/000-default.conf b/dd-waf/docker/modsecurity/vhosts/000-default.conf
similarity index 94%
rename from dd-waf/docker/modsecurity/000-default.conf
rename to dd-waf/docker/modsecurity/vhosts/000-default.conf
index 32ca2d0..def4c82 100644
--- a/dd-waf/docker/modsecurity/000-default.conf
+++ b/dd-waf/docker/modsecurity/vhosts/000-default.conf
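Review bot: The image no longer carries a vhost of its own: `000-default.conf` is still moved aside by the `RUN mv` but the `ADD` that replaced it is commented out, so a container started without the new `sites-available` bind mount will most likely run with no VirtualHost and no ModSecurity directives at all, and nothing fails loudly. The commented-out `USER www-data` and `HEALTHCHECK` lines are dead code and should be either enabled or removed; if `USER www-data` is meant to land, `apachectl -D FOREGROUND` will then need an unprivileged listen port or `CAP_NET_BIND_SERVICE`, the healthcheck needs `curl` in the image (this hunk does not show it being installed), and its `|| exit 1` is redundant since `curl --fail` already returns non-zero. `rules_apps.conf` is also no longer installed as `000-dd-apps.conf`; if its rules are still wanted they now have to live under `rules/`, which is bind-mounted at `dd-rules/`. A short comment above the commented-out block saying why each line is parked (and what has to change before it can be enabled) would save the next reader the same investigation.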
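Review bot: This file sits in `rules/`, which modsecurity.yml mounts at `/etc/apache2/modsecurity.d/dd-rules/`, so its own third line, `Include "/etc/apache2/modsecurity.d/dd-rules/*.conf"`, matches the file itself and re-includes the whole chain; whichever way the parser handles that (include-depth error, duplicate rule ids, or a crash), Apache will not come up cleanly, and if `modsec_rules.conf` already globs `dd-rules/*.conf` the CRS is additionally loaded twice. If this is meant to be the rules entry point it should live outside the `dd-rules` directory (for example as the `modsec_rules.conf` the vhost references), leaving `dd-rules/*.conf` for actual rule files. Separately, the CRS convention is to split site-specific exclusions into a file included before `owasp-crs/rules/*.conf` and one included after; with a single include placed only before the CRS, local rules cannot override CRS rule actions, which I'd expect to matter the first time a false positive needs an exclusion.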
@@ -1,6 +1,6 @@
- modsecurity Off
- modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf
+ modsecurity On
+ modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf
 ServerAdmin webmaster@localhost
 DocumentRoot /var/www/html
 ErrorLog /var/log/apache2/error.log
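Review bot: `modsecurity_rules_file` still points at `/etc/apache2/modsecurity.d/modsec_rules.conf`, which nothing in this commit ships or mounts, while the rules list the commit does add is `rules/dd_rules.conf` (mounted under `dd-rules/`); either the vhost should reference the new file directly, or a one-line comment above the directive should state where `modsec_rules.conf` comes from and whether it pulls in the bind-mounted `dd-rules` directory, since a reader cannot tell from the repo. The removed and re-added `modsecurity_rules_file` lines read identically here, so that part of the change looks whitespace-only. The enclosing `<VirtualHost>` block continues outside the hunk.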