Add env variables by zugao · Pull Request #7 · coreruleset/modsecurity-crs-docker · GitHub

Add env variables #7

Merged
merged 3 commits into from
Mar 2, 2020

zugao (Contributor) commented Feb 14, 2020

Added the following ENV variables for Apache and ModSecurity configuration:

  • TIMEOUT
  • LOGLEVEL
  • ERRORLOG
  • USER
  • GROUP
  • SERVERADMIN
  • SERVERNAME
  • PORT
  • MODSEC_RULE_ENGINE
  • MODSEC_REQ_BODY_ACCESS
  • MODSEC_REQ_BODY_LIMIIT
  • MODSEC_REQ_BODY_NOFILES_LIMIT
  • MODSEC_RESP_BODY_ACCESS
  • MODSEC_RESP_BODY_LIMIT
  • MODSEC_PCRE_MATCH_LIMIT
  • MODSEC_PCRE_MATCH_LIMIT_RECURSION

zugao requested review from bittner and srueg February 14, 2020 16:13
zugao force-pushed the add-env-variables branch from 2b655e7 to c4571db February 17, 2020 12:02
zugao force-pushed the add-env-variables branch 3 times, most recently from afb0f48 to 7aad04b February 18, 2020 12:34
zugao requested a review from bittner February 18, 2020 12:35

mhutter left a comment

3.3-apache/Dockerfile should probably inherit from owasp/modsecurity:3 as the nginx one does?

zugao (Contributor, Author) commented Feb 18, 2020

> 3.3-apache/Dockerfile should probably inherit from owasp/modsecurity:3 as the nginx one does?

In this ticket we are making environment variables available so I'm not sure if it's the right moment to update the upstream image version. @bittner can you comment on that?

zugao force-pushed the add-env-variables branch from 7aad04b to cbc1226 February 18, 2020 16:21
zugao requested a review from mhutter February 19, 2020 08:22
zugao force-pushed the add-env-variables branch from cbc1226 to caf4284 February 19, 2020 09:20

mhutter commented Feb 19, 2020

> 3.3-apache/Dockerfile should probably inherit from owasp/modsecurity:3 as the nginx one does?

> In this ticket we are making environment variables available so I'm not sure if it's the right moment to update the upstream image version.

Makes sense

bittner (Contributor) commented Feb 19, 2020

> 3.3-apache/Dockerfile should probably inherit from owasp/modsecurity:3 as the nginx one does?

No. This is correct as it is, because:

Think in terms of:

  • ModSecurity 2 <==> Apache
  • ModSecurity 3 <==> Nginx

Hence, if you want Apache you have to pick ModSecurity 2. That's simply a given.

zugao force-pushed the add-env-variables branch from caf4284 to c35044f February 21, 2020 12:48

zugao (Contributor, Author) commented Feb 21, 2020

After some extensive testing I found out Apache does not override the Listen directive. I had to use sed in Dockerfile in order to override the existing directive in httpd.conf file.
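
The Listen behaviour described in the comment above, as an added example that is not part of this PR or the project's Dockerfile: Apache opens a socket for every `Listen` directive it reads, so a second directive adds a port rather than replacing the first, and the existing line has to be rewritten. The helper names and the sample `httpd.conf` lines are constructed, and validating `PORT` before it reaches `sed` is an assumption about how one would harden the step, not something the PR states.

```shell
#!/bin/sh
# Added example: hypothetical helpers, constructed httpd.conf content.

# Accept only a plain decimal TCP port (1-65535, no leading zero), so the
# value is safe to interpolate into a sed expression and into httpd.conf.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rewrite every active (uncommented) Listen directive, keeping any bind
# address and protocol argument. Usage: set_listen_port <conf-file> <port>
set_listen_port() {
    conf=$1 port=$2
    valid_port "$port" || { echo "invalid PORT: $port" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed -E "s/^([[:space:]]*Listen[[:space:]]+)([^[:space:]]*:)?[0-9]+/\1\2${port}/" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the value of each active Listen directive, one per line, so a build
# step can verify that only the intended port is left.
active_listens() {
    sed -E -n 's/^[[:space:]]*Listen[[:space:]]+([^[:space:]]+).*/\1/p' "$1"
}

# Demo on a constructed config: the commented example line is left alone,
# the active directive is moved to port 8080.
demo() {
    demo_conf=$(mktemp) || return 1
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 80' 'ServerName localhost' > "$demo_conf"
    set_listen_port "$demo_conf" 8080 && active_listens "$demo_conf"
    rm -f "$demo_conf"
}

demo
```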

zugao force-pushed the add-env-variables branch from e4a2727 to b10e4ee February 26, 2020 18:56

dune73 (Member) commented Feb 26, 2020

A few thoughts:

  • Please bring back the performance data and the anomaly scores in this or a subsequent PR
  • The MODSEC_RESP_BODY_LIMIT=524288 is very low. I suggest raising it to 1M
  • The MODSEC_PCRE_MATCH_LIMIT=1000 is also very low for production. 10K or 100K is more reasonable and still relatively safe
  • MODSEC_PCRE_MATCH_LIMIT_RECURSION=1000 is also very low for production. 10K or 100K is more reasonable and still relatively safe

zugao force-pushed the add-env-variables branch from b10e4ee to 57fe153 March 2, 2020 08:16
zugao requested a review from bittner March 2, 2020 08:17
zugao force-pushed the add-env-variables branch from 57fe153 to c3d6a44 March 2, 2020 09:16
zugao requested a review from bittner March 2, 2020 09:16
zugao force-pushed the add-env-variables branch from ce5ca82 to ae0d6ae March 2, 2020 11:35
zugao merged commit defd25d into coreruleset:master Mar 2, 2020