config vhost and dd rules modsecurity on volumen

2022-11-18 16:27:14 +00:00 · 2022-11-18 16:27:14 +00:00 · d3c78c5bb0
parent 5f1d0acf27
commit d3c78c5bb0
5 changed files with 17 additions and 8 deletions
--- a/6
+++ b/6
@ -75,6 +75,8 @@ Generate .orig and .patch files to compare with upstream: ./dd-ctl genpatches
 	                  Start the project when stopped: ./dd-ctl up
 	                                 Upgrade plugins: ./dd-ctl upgrade-plugins
 	         Regenerate docker-compose.yml from conf: ./dd-ctl yml
                 Regenerate docker-compose.yml from conf: ./dd-ctl disable-waf
                 Regenerate docker-compose.yml from conf: ./dd-ctl enable-waf
 	EOF
 }
@ -875,7 +877,7 @@ special_image_tags() {
 enable_waf() {
        # Enable waf
 	echo "Enable rules ModSecurity"
-        docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-enabled/000-default.conf'
+        docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity Off/modsecurity On/" /etc/apache2/sites-available/000-default.conf'
 	echo "Done"
 	echo "Restart Apache - ModSecurity"
 	docker restart dd-waf-apache
@ -885,7 +887,7 @@ enable_waf() {
 disable_waf() {
        # Enable waf
        echo "Disable rules ModSecurity"
-        docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-enabled/000-default.conf'
+        docker exec dd-waf-apache bash -c 'sed -i.orig -e "s/modsecurity On/modsecurity Off/" /etc/apache2/sites-available/000-default.conf'
        echo "Done"
        echo "Restart Apache - ModSecurity"
        docker restart dd-waf-apache
--- a/dd-waf/docker-compose-parts/modsecurity.yml
+++ b/dd-waf/docker-compose-parts/modsecurity.yml
@ -10,6 +10,7 @@ services:
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
-      - ${SRC_FOLDER}/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
+      - ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/rules:/etc/apache2/modsecurity.d/dd-rules:rw
      - ${BUILD_WAF_ROOT_PATH}/docker/modsecurity/vhosts:/etc/apache2/sites-available:rw
    networks:
      - dd_net
--- a/dd-waf/docker/modsecurity/Dockerfile
+++ b/dd-waf/docker/modsecurity/Dockerfile
@ -50,12 +50,14 @@ ADD crs-setup.conf /etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf
 # Activate ModSecurity
 RUN mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.old
-ADD 000-default.conf /etc/apache2/sites-available/
+#ADD 000-default.conf /etc/apache2/sites-available/
-ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
+#ADD rules_apps.conf /etc/apache2/modsecurity.d/owasp-crs/rules/000-dd-apps.conf
 RUN a2enmod proxy_http
-EXPOSE 80
+#EXPOSE 80
 #USER www-data
 #HEALTHCHECK --interval=5s --timeout=3s CMD curl --fail http://localhost || exit 1
 CMD apachectl -D FOREGROUND
 # Testing ModSecurity
--- a/dd-waf/docker/modsecurity/rules/dd_rules.conf
+++ b/dd-waf/docker/modsecurity/rules/dd_rules.conf
@ -0,0 +1,4 @@
 Include "/etc/apache2/modsecurity.d/modsecurity.conf"
 Include "/etc/apache2/modsecurity.d/owasp-crs/crs-setup.conf"
 Include "/etc/apache2/modsecurity.d/dd-rules/*.conf"
 Include "/etc/apache2/modsecurity.d/owasp-crs/rules/*.conf"
--- a/dd-waf/docker/modsecurity/vhosts/000-default.conf
+++ b/dd-waf/docker/modsecurity/vhosts/000-default.conf
@ -1,5 +1,5 @@
 <VirtualHost *:80>
-	modsecurity Off
+	modsecurity On
 	modsecurity_rules_file /etc/apache2/modsecurity.d/modsec_rules.conf
 	ServerAdmin webmaster@localhost
 	DocumentRoot /var/www/html