config vhost and dd rules modsecurity on volumen

GON-3874-DD-moodle
Manuel Caballero 2022-11-18 16:27:14 +00:00 committed by Evilham
parent 5f1d0acf27
commit d3c78c5bb0
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
5 changed files with 17 additions and 8 deletions

6
dd-ctl

@ -75,6 +75,8 @@ Generate .orig and .patch files to compare with upstream: ./dd-ctl genpatches
Start the project when stopped: ./dd-ctl up Start the project when stopped: ./dd-ctl up
Upgrade plugins: ./dd-ctl upgrade-plugins Upgrade plugins: ./dd-ctl upgrade-plugins
Regenerate docker-compose.yml from conf: ./dd-ctl yml Regenerate docker-compose.yml from conf: ./dd-ctl yml
Regenerate docker-compose.yml from conf: ./dd-ctl disable-waf
Regenerate docker-compose.yml from conf: ./dd-ctl enable-waf
EOF EOF
} }
@ -875,7 +877,7 @@ special_image_tags() {
enable_waf() { enable_waf() {
# Enable waf # Enable waf
echo "Enable rules ModSecurity" echo "Enable rules ModSecurity"
docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-enabled/000-default.conf' docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-available/000-default.conf'
echo "Done" echo "Done"
echo "Restart Apache - ModSecurity" echo "Restart Apache - ModSecurity"
docker restart dd-waf-apache docker restart dd-waf-apache
@ -885,7 +887,7 @@ enable_waf() {
disable_waf() { disable_waf() {
# Enable waf # Enable waf
echo "Disable rules ModSecurity" echo "Disable rules ModSecurity"
docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-enabled/000-default.conf' docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-available/000-default.conf'
echo "Done" echo "Done"
echo "Restart Apache - ModSecurity" echo "Restart Apache - ModSecurity"
docker restart dd-waf-apache docker restart dd-waf-apache
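Review bot: `enable_waf` prints "Done" and restarts the container whether or not the `sed` changed anything, so an operator can believe ModSecurity is on while the vhost still says `modsecurity Off` (for example if the spacing differs or the file is absent from the now bind-mounted `sites-available`). `disable_waf` has the same shape and still carries the comment `# Enable waf`. After the `sed` I would verify the result, e.g. `docker exec dd-waf-apache grep -q "modsecurity On" /etc/apache2/sites-available/000-default.conf || { echo "ModSecurity not enabled" >&2; return 1; }`. The two new usage lines for `disable-waf` and `enable-waf` also reuse the `yml` description "Regenerate docker-compose.yml from conf:" and need their own text. Both function bodies continue outside the hunks shown.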


@ -10,6 +10,7 @@ services:
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
- ${SRC_FOLDER}/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw - ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
- ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/vhosts:/etc/apache2/sites-available:rw
networks: networks:
- dd_net - dd_net
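Review bot: Both ModSecurity mounts are `:rw`, so a process inside the WAF container can rewrite the rules and the vhost on the host, and the change outlives a container rebuild. The rules directory looks read-only in use and could be mounted as `- ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:ro`. The vhosts mount needs write access only because `dd-ctl` runs `sed -i` inside the container, so doing that edit on the host would let it be `:ro` as well. Mounting over all of `/etc/apache2/sites-available` also hides whatever the image placed there, which deserves a comment beside the new line. Whether anything in the container writes to `dd-rules` is not visible here, so confirm before switching.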


@ -50,12 +50,14 @@ ADD crs-setup.conf /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf
# Activate ModSecurity # Activate ModSecurity
RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old
ADD 000-default.conf /etc/apache2/sites-available/ #ADD 000-default.conf /etc/apache2/sites-available/
ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf #ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
RUN a2enmod proxy_http RUN a2enmod proxy_http
EXPOSE 80 #EXPOSE 80
#USER www-data
#HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail http://localhost || exit 1
CMD apachectl -D FOREGROUND CMD apachectl -D FOREGROUND
# Testing ModSecurity # Testing ModSecurity
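Review bot: With `ADD 000-default.conf` commented out while the `RUN mv ... 000-default.conf.old` line stays, the image as rendered here no longer carries a ModSecurity vhost of its own and depends entirely on the runtime bind mount. If that host directory is missing or empty, the container would presumably start without the vhost that turns ModSecurity on. I would delete the commented-out `ADD`, `EXPOSE` and `USER` lines rather than keep them as dead text, and state the dependency instead: `# vhost and dd rules are bind-mounted at runtime; this image ships neither`. The Dockerfile continues outside the hunk on both sides.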


@ -0,0 +1,4 @@
Include "/etc/apache2/modsecurity.d/modsecurity.conf"
Include "/etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf"
Include "/etc/apache2/modsecurity.d/dd-rules/*.conf"
Include "/etc/apache2/modsecurity.d/owasp-crs/rules/*.conf"
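Review bot: The include order decides which kinds of exclusion can live in `dd-rules`, and the new file does not say so. `dd-rules/*.conf` is read before `owasp-crs/rules/*.conf`, so a configure-time directive such as `SecRuleRemoveById` placed there is read before the CRS rule it names and would not remove it. A header comment would prevent that mistake, e.g. `# dd-rules load BEFORE the CRS rules: only runtime exclusions (ctl:ruleRemoveById ...) belong here`. If configure-time removals are needed, a second include after the CRS line is the place for them. The contents of `dd-rules` are not on this page, so this may already hold.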


@ -1,5 +1,5 @@
<VirtualHost *:80> <VirtualHost *:80>
modsecurity Off modsecurity On
modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf
ServerAdmin webmaster@localhost ServerAdmin webmaster@localhost
DocumentRoot /var/www/html DocumentRoot /var/www/html