# This docker-compose file starts owasp/modsecurity-crs
#
# ATTENTION!
# Some of the environment variables at the bottom of this
# docker-compose.yaml file and TLS are only available
# for self-built images based on Dockerfile-2.9-apache,
# and only if build args SETTLS and SETPROXY were set during
# the build of the parent owasp/modsecurity:2.9-apache image.
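# Shared settings that each service merges in with `<<: *default-settings`.
# Compose ignores top-level keys that start with `x-`, so this key exists
# only to carry the anchor.
x-defaults: &default-settings
  environment:
    SERVERNAME: localhost
    #############################################
    # CRS Variables
    #############################################
    # Paranoia Level (CRS defines levels 1-4; higher levels enable more
    # rules and usually need more false-positive tuning)
    PARANOIA: "1"
    # Replaces PARANOIA as of CRS 4
    BLOCKING_PARANOIA: "1"
    # Inbound and Outbound Anomaly Score Threshold
    # (a lower threshold blocks at a lower accumulated score)
    ANOMALY_INBOUND: "5"
    ANOMALY_OUTBOUND: "4"
    # Executing Paranoia Level
    # (examples use mapping syntax to match this block; the list form
    # `- KEY=value` would not parse here)
    # EXECUTING_PARANOIA: "2"
    #
    # Replaces EXECUTING_PARANOIA as of CRS 4
    # DETECTION_PARANOIA: "2"
    #
    # New in CRS 4
    REPORTING_LEVEL: "2"
    #######################################################
    # Reverse Proxy mode
    # (only available if SETPROXY was enabled during the
    # build of the parent ModSecurity image)
    #######################################################
    # PROXYLOCATION: Application Backend of Reverse Proxy
    # PROXYLOCATION: http://app:8000/
    #######################################################
    # Various CRS Variables with Default Values
    #######################################################
    # ENFORCE_BODYPROC_URLENCODED: 1
    # ALLOWED_METHODS: GET HEAD POST OPTIONS
    # ALLOWED_REQUEST_CONTENT_TYPE: '|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'
    # ALLOWED_REQUEST_CONTENT_TYPE_CHARSET: 'utf-8|iso-8859-1|iso-8859-15|windows-1252'
    # ALLOWED_HTTP_VERSIONS: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
    # RESTRICTED_EXTENSIONS: .asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
    # RESTRICTED_HEADERS_BASIC: /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/
    # RESTRICTED_HEADERS_EXTENDED: /accept-charset/
    # STATIC_EXTENSIONS: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
    #######################################################
    # CRS Variables with Default Value unlimited
    # (left unset, no limit applies; the commented values are sample
    # limits to start tuning from)
    #######################################################
    # MAX_NUM_ARGS: 255
    # ARG_NAME_LENGTH: 100
    # ARG_LENGTH: 400
    # TOTAL_ARG_LENGTH: 64000
    # MAX_FILE_SIZE: 1048576
    # COMBINED_FILE_SIZES: 1048576
  #######################################################
  # Volumes for ModSecurity Tuning
  #######################################################
  # NOTE(review): these bind mounts are read-write by default. Appending
  # `:ro` would keep the container from changing the host copies of the
  # exclusion rules; confirm first that the image's entrypoint does not
  # write to these paths.
  volumes:
    - ./REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
    - ./RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
    #######################################################
    # If needed: add own httpd-proxy.conf (only available if SETPROXY
    # was enabled during build of parent ModSecurity image)
    #######################################################
    # - ./httpd-proxy.conf:/usr/local/apache2/conf/extra/httpd-proxy.conf
    #######################################################
    # Add TLS server certificate and key
    # (only available if SETTLS was enabled during the build of the
    # parent ModSecurity image; TODO confirm, this note previously
    # named SETPROXY, while the file header ties TLS to SETTLS)
    # Keep server.key out of version control and readable only by the
    # account that runs Compose.
    #######################################################
    # - ./server.crt:/usr/local/apache2/conf/server.crt
    # - ./server.key:/usr/local/apache2/conf/server.key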
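# Two alternative front ends for the same rule set. Both publish host ports
# 80 and 443, so only one can be started at a time on a given host, e.g.
# `docker compose up crs-apache`.
services:
  crs-apache:
    # Pull in the shared environment and volumes; keys set here override
    # merged ones.
    <<: *default-settings
    # `apache` is a floating tag: pin a specific version tag or image digest
    # where reproducible, reviewable deployments matter.
    image: owasp/modsecurity-crs:apache
    ports:
      # Published on all host interfaces. For local testing only, prefix the
      # mapping with a loopback address, e.g. "127.0.0.1:80:8080".
      - "80:8080"
      # only available if SETTLS was enabled:
      - "443:8443"
  crs-nginx:
    # Pull in the shared environment and volumes; keys set here override
    # merged ones.
    <<: *default-settings
    # `nginx` is a floating tag: pin a specific version tag or image digest
    # where reproducible, reviewable deployments matter.
    image: owasp/modsecurity-crs:nginx
    ports:
      # Published on all host interfaces. For local testing only, prefix the
      # mapping with a loopback address, e.g. "127.0.0.1:80:8080".
      - "80:8080"
      # only available if SETTLS was enabled:
      - "443:8443"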