add docker-compose.yaml with all env variables and ModSec tuning volu…

…mes for easier use
franbuehler · Dec 2, 2018 · 8d5417b · 8d5417b
1 parent fd474d4
commit 8d5417b
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -0,0 +1,44 @@
+version: "3"
+services:
+
+  crs:
+    image: franbuehler/modsecurity-crs-rp:v3.1
+    ports:
+      - "80:8001"
+
+    environment:
+      # Listening Port of Apache Reverse Proxy
+      - PORT=8001
+      # Application Backend (REPLACEME, but do not use localhost!)
+      - BACKEND=http://192.168.1.10:8000
+      # Paranoia Level
+      - PARANOIA=1
+      # Inbound and Outbound Anomaly Score Threshold
+      - ANOMALYIN=5
+      - ANOMALYOUT=4
+      # Executing Paranoia Level
+      # - EXECUTING_PARANOIA=2
+
+      # Various CRS Variables with Default Values
+      #- ENFORCE_BODYPROC_URLENCODED=1
+      #- ALLOWED_METHODS=GET HEAD POST OPTIONS
+      #- ALLOWED_REQUEST_CONTENT_TYPE=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
+      #- ALLOWED_REQUEST_CONTENT_TYPE_CHARSET=utf-8|iso-8859-1|iso-8859-15|windows-1252
+      #- ALLOWED_HTTP_VERSIONS=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
+      #- RESTRICTED_EXTENSIONS=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
+      #- RESTRICTED_HEADERS=/proxy/ /lock-token/ /content-range/ /translate/ /if/
+      #- STATIC_EXTENSIONS=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
+
+      # CRS Variables with Default Value unlimited:
+      #- MAX_NUM_ARGS=255
+      #- ARG_NAME_LENGTH=100
+      #- ARG_LENGTH=400
+      #- TOTAL_ARG_LENGTH=64000
+      #- MAX_FILE_SIZE=1048576
+      #- COMBINED_FILE_SIZES=1048576
+
+    # Volumes for ModSecurity Tuning when done with volumes:
+    #volumes:
+      #- /path/to/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/apache2/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+      #- /path/to/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/apache2/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+