add docker-compose.yaml with all env variables and ModSec tuning volumes for easier use
1 parent
fd474d4
commit 8d5417b
Showing
1 changed file
with
44 additions
and
0 deletions.
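--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,44 @@
+version: "3"
+services:
+
+crs:
+image: franbuehler/modsecurity-crs-rp:v3.1
+ports:
+- "80:8001"
+
+environment:
+# Listening Port of Apache Reverse Proxy
+- PORT=8001
+# Application Backend (REPLACEME, but do not use localhost!)
+- BACKEND=http://192.168.1.10:8000
+# Paranoia Level
+- PARANOIA=1
+# Inbound and Outbound Anomaly Score Threshold
+- ANOMALYIN=5
+- ANOMALYOUT=4
+# Executing Paranoia Level
+# - EXECUTING_PARANOIA=2
+
+# Various CRS Variables with Default Values
+#- ENFORCE_BODYPROC_URLENCODED=1
+#- ALLOWED_METHODS=GET HEAD POST OPTIONS
+#- ALLOWED_REQUEST_CONTENT_TYPE=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
+#- ALLOWED_REQUEST_CONTENT_TYPE_CHARSET=utf-8|iso-8859-1|iso-8859-15|windows-1252
+#- ALLOWED_HTTP_VERSIONS=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
+#- RESTRICTED_EXTENSIONS=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
+#- RESTRICTED_HEADERS=/proxy/ /lock-token/ /content-range/ /translate/ /if/
+#- STATIC_EXTENSIONS=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
+
+# CRS Variables with Default Value unlimited:
+#- MAX_NUM_ARGS=255
+#- ARG_NAME_LENGTH=100
+#- ARG_LENGTH=400
+#- TOTAL_ARG_LENGTH=64000
+#- MAX_FILE_SIZE=1048576
+#- COMBINED_FILE_SIZES=1048576
+
+# Volumes for ModSecurity Tuning when done with volumes:
+#volumes:
+#- /path/to/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/apache2/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+#- /path/to/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/apache2/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+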
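Review bot: The `image: franbuehler/modsecurity-crs-rp:v3.1` line selects the WAF by a mutable tag, so whatever the registry serves under `v3.1` at pull time becomes the component that inspects every request; pinning the digest as well, `image: franbuehler/modsecurity-crs-rp:v3.1@sha256:<digest-of-the-reviewed-image>` (placeholder), keeps the deployed image the one that was actually reviewed. The two commented volume examples would mount the exclusion-rule files writable; ending each with `:ro` keeps a process inside the container from changing the host copies of the tuning rules. The comment on `BACKEND` would be more useful if it also said that the backend should accept connections only from this proxy, since requests that reach it any other way are never inspected by the rule set. The limits listed under "CRS Variables with Default Value unlimited" stay unlimited while they are commented out, which deserves a one-line comment such as `# uncomment to enforce; unset means no limit` above `MAX_NUM_ARGS`.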