-
Notifications
You must be signed in to change notification settings - Fork 8
/
docker-compose.yaml
44 lines (38 loc) · 2.09 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
version: "3"
services:
crs:
image: franbuehler/modsecurity-crs-rp:v3.1
ports:
- "8001:8001"
environment:
# Listening Port of Apache Reverse Proxy
- PORT=8001
# Application Backend (REPLACEME, but do not use localhost!)
- BACKEND=http://192.168.1.10:8000
# Paranoia Level
- PARANOIA=1
# Inbound and Outbound Anomaly Score Threshold
- ANOMALYIN=5
- ANOMALYOUT=4
# Executing Paranoia Level
# - EXECUTING_PARANOIA=2
# Various CRS Variables with Default Values
#- ENFORCE_BODYPROC_URLENCODED=1
#- ALLOWED_METHODS=GET HEAD POST OPTIONS
#- ALLOWED_REQUEST_CONTENT_TYPE=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
#- ALLOWED_REQUEST_CONTENT_TYPE_CHARSET=utf-8|iso-8859-1|iso-8859-15|windows-1252
#- ALLOWED_HTTP_VERSIONS=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
#- RESTRICTED_EXTENSIONS=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
#- RESTRICTED_HEADERS=/proxy/ /lock-token/ /content-range/ /translate/ /if/
#- STATIC_EXTENSIONS=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
# CRS Variables with Default Value unlimited:
#- MAX_NUM_ARGS=255
#- ARG_NAME_LENGTH=100
#- ARG_LENGTH=400
#- TOTAL_ARG_LENGTH=64000
#- MAX_FILE_SIZE=1048576
#- COMBINED_FILE_SIZES=1048576
# Volumes for ModSecurity Tuning when done with volumes:
#volumes:
#- ./REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/apache2/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
#- ./RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/apache2/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf