config vhost and dd rules modsecurity on volumen
parent
5f1d0acf27
commit
d3c78c5bb0
6
dd-ctl
6
dd-ctl
|
@ -75,6 +75,8 @@ Generate .orig and .patch files to compare with upstream: ./dd-ctl genpatches
|
||||||
Start the project when stopped: ./dd-ctl up
|
Start the project when stopped: ./dd-ctl up
|
||||||
Upgrade plugins: ./dd-ctl upgrade-plugins
|
Upgrade plugins: ./dd-ctl upgrade-plugins
|
||||||
Regenerate docker-compose.yml from conf: ./dd-ctl yml
|
Regenerate docker-compose.yml from conf: ./dd-ctl yml
|
||||||
|
Regenerate docker-compose.yml from conf: ./dd-ctl disable-waf
|
||||||
|
Regenerate docker-compose.yml from conf: ./dd-ctl enable-waf
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -875,7 +877,7 @@ special_image_tags() {
|
||||||
enable_waf() {
|
enable_waf() {
|
||||||
# Enable waf
|
# Enable waf
|
||||||
echo "Enable rules ModSecurity"
|
echo "Enable rules ModSecurity"
|
||||||
docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-enabled/000-default.conf'
|
docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-available/000-default.conf'
|
||||||
echo "Done"
|
echo "Done"
|
||||||
echo "Restart Apache - ModSecurity"
|
echo "Restart Apache - ModSecurity"
|
||||||
docker restart dd-waf-apache
|
docker restart dd-waf-apache
|
||||||
|
@ -885,7 +887,7 @@ enable_waf() {
|
||||||
disable_waf() {
|
disable_waf() {
|
||||||
# Enable waf
|
# Enable waf
|
||||||
echo "Disable rules ModSecurity"
|
echo "Disable rules ModSecurity"
|
||||||
docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-enabled/000-default.conf'
|
docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-available/000-default.conf'
|
||||||
echo "Done"
|
echo "Done"
|
||||||
echo "Restart Apache - ModSecurity"
|
echo "Restart Apache - ModSecurity"
|
||||||
docker restart dd-waf-apache
|
docker restart dd-waf-apache
|
||||||
|
|
|
@ -10,6 +10,7 @@ services:
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
- ${SRC_FOLDER}/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
|
- ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
|
||||||
|
- ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/vhosts:/etc/apache2/sites-available:rw
|
||||||
networks:
|
networks:
|
||||||
- dd_net
|
- dd_net
|
||||||
|
|
|
@ -50,12 +50,14 @@ ADD crs-setup.conf /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf
|
||||||
|
|
||||||
# Activate ModSecurity
|
# Activate ModSecurity
|
||||||
RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old
|
RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old
|
||||||
ADD 000-default.conf /etc/apache2/sites-available/
|
#ADD 000-default.conf /etc/apache2/sites-available/
|
||||||
ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
|
#ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
|
||||||
|
|
||||||
RUN a2enmod proxy_http
|
RUN a2enmod proxy_http
|
||||||
|
|
||||||
EXPOSE 80
|
#EXPOSE 80
|
||||||
|
#USER www-data
|
||||||
|
#HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail http://localhost || exit 1
|
||||||
CMD apachectl -D FOREGROUND
|
CMD apachectl -D FOREGROUND
|
||||||
|
|
||||||
# Testing ModSecurity
|
# Testing ModSecurity
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
Include "/etc/apache2/modsecurity.d/modsecurity.conf"
|
||||||
|
Include "/etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf"
|
||||||
|
Include "/etc/apache2/modsecurity.d/dd-rules/*.conf"
|
||||||
|
Include "/etc/apache2/modsecurity.d/owasp-crs/rules/*.conf"
|
|
@ -1,5 +1,5 @@
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
modsecurity Off
|
modsecurity On
|
||||||
modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf
|
modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf
|
||||||
ServerAdmin webmaster@localhost
|
ServerAdmin webmaster@localhost
|
||||||
DocumentRoot /var/www/html
|
DocumentRoot /var/www/html
|
Loading…
Reference in New Issue