Sample ModSecurity proxy config for Blue Team exercises

aubourg/modsec-ng

 
 

ModSecurity Proxy for BT

Summary

This is a Docker image that runs a WAF as a proxy, based on the official ModSecurity and Core Rule Set (CRS) image.

Files and folders

The image uses the official OWASP ModSecurity-CRS image as its base. The default entrypoint has been changed to supervisord, which is initially configured to start nginx and php-fpm. Check the Supervisor section for more information.

src directory structure:

├── Dockerfile
├── docker-entrypoint.sh
├── etc
│   ├── modsecurity.d
│   │   └── modsecurity-override.conf
│   ├── nginx
│   │   └── templates
│   │       ├── conf.d
│   │       │   └── default.conf.template
│   │       └── nginx.conf.template
│   ├── supervisor.d
│   │   ├── start_crond.conf
│   │   ├── start_nginx.conf
│   │   └── start_php-fpm.conf
│   └── supervisord.conf
├── html
│   └── 403_error.php
├── server
│   ├── Dockerfile
│   ├── app.py
│   ├── docker-compose.yml
│   ├── requirements.txt
│   └── rules
│       ├── default
│       │   ├── REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
│       │   └── RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
│       └── template
│           ├── REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
│           └── RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
└── sync-crs-rules.sh

| File name | Description |
|---|---|
| docker-entrypoint.sh | entrypoint script |
| Dockerfile | dockerfile |
| etc/nginx/templates/nginx.conf.template | nginx.conf template file |
| etc/nginx/templates/conf.d/default.conf.template | nginx default.conf template file |
| etc/supervisord.conf | supervisord configuration |
| etc/supervisor.d/start_crond.conf | supervisor configuration for crond |
| etc/supervisor.d/start_nginx.conf | supervisor configuration for nginx |
| etc/supervisor.d/start_php-fpm.conf | supervisor configuration for php-fpm |
| html/403_error.php | custom error page |
| sync-crs-rules.sh | script to sync crs rules from a github repo |

CRS Rules Sync

The script /sync-crs-rules.sh will sync the CRS rules from a CRS_RULES_SERVER.

| Name | Description |
|---|---|
| HOSTNAME | Hostname that will be used to query CRS_RULES_SERVER |
| CRS_RULES_SYNC | enable/disable the sync of the CRS rules from a github repo |
| CRS_RULES_SERVER | server that serves the ModSecurity rules (example server given in src/server) |
| CRS_RULES_BRANCH | branch name to sync the CRS rules from. default: main |

The CRS files are in the rules directory, which docker-compose mounts in the container at /opt/owasp-crs/rules.
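
A pre-load check for the synced files, as an added example that is not part of this repository: it flags a missing exclusion file, duplicate rule ids (which stop ModSecurity from loading the rule set) and any directive that turns the rule engine off or to DetectionOnly. It assumes the sync leaves `.conf` files in the mounted rules directory; the function names `check_rules` and `write_sample` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from aubourg/modsec-ng): lint synced rule files before
# nginx loads them. Assumes rule ids appear as "id:" actions, as in CRS files.

# check_rules DIR: print findings; return 0 when clean, 1 otherwise.
check_rules() {
    dir=$1; rc=0
    # The two exclusion files shown in the repository tree must be present.
    for f in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf \
             RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f"; rc=1; }
    done
    # Active (non-comment) lines from every .conf file in the directory.
    active=$(cat "$dir"/*.conf 2>/dev/null | grep -v '^[[:space:]]*#') || true
    # ModSecurity refuses to load a rule set in which two rules share an id.
    dups=$(printf '%s\n' "$active" | grep -oE "(^|[\",[:space:]])id:'?[0-9]+" |
        sed "s/.*id:'*//" | sort -n | uniq -d | tr '\n' ' ')
    [ -z "$dups" ] || { echo "duplicate rule ids: $dups"; rc=1; }
    # A synced file must not switch the engine off or to log-only mode.
    if printf '%s\n' "$active" |
        grep -qiE 'SecRuleEngine[[:space:]]+(Off|DetectionOnly)|ctl:ruleEngine=(Off|DetectionOnly)'; then
        echo "rule engine disabled or set to DetectionOnly"; rc=1
    fi
    return $rc
}

# write_sample DIR MODE: constructed sample files; MODE is "clean" or "bad".
write_sample() {
    mkdir -p "$1"
    cat > "$1/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf" <<'EOF'
# constructed sample: skip one CRS rule for a health-check path
SecRule REQUEST_URI "@beginsWith /healthz" \
    "id:1000,phase:1,pass,nolog,ctl:ruleRemoveById=920350"
EOF
    cat > "$1/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf" <<'EOF'
# constructed sample: SecRuleEngine Off inside a comment is ignored
SecRuleRemoveById 942100
EOF
    if [ "$2" = bad ]; then
        cat >> "$1/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf" <<'EOF'
SecAction "id:1000,phase:1,pass,nolog,ctl:ruleEngine=Off"
EOF
    fi
}

# Usage: sh check_rules.sh /opt/owasp-crs/rules
if [ "$#" -gt 0 ]; then check_rules "$1"; fi
```

Running it against a staging copy of the rules, before they replace the files nginx reads, keeps a bad sync from taking the proxy down or silently disabling blocking.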

Environment variables

Modsecurity, Core Rules set (CRS) and NGINX

You can set all the environment variables from the official image.

Supervisor

The default configuration for supervisor is in etc/supervisord.conf. The plugin supervisor-stdout is installed to redirect the output of the processes to stdout.

Add new service to supervisor

Supervisor loads its configuration files from the folder etc/supervisor.d. Example configuration file for a new service:

[program:nginx]
command=<command to run> # if possible use --no-daemon mode.
stdout_events_enabled = true
stderr_events_enabled = true
autostart=true

Copy to etc/supervisor.d/start_<service>.conf to allow supervisor to load the configuration.
