Mod Security Build Updates

[allupaku]

I have tested it with all functionalities. It will run with the .so added by this step

nginx/Dockerfile

Line 190 in 31d1f2d

runDeps="$( \

, this will find all the run time dependency so files, basically geoip and libmandb.

I have also disabled the mod security by default - as to not break any existing installations, because mod security at times will behave wierd and will start blocking requests. So for such cases where there are lot of false positives i have added env to add more Modsec configurations and to fine tune the thresholds.

I have also added some tests for basic mod sec functionality testing.

[csandanov]

Thank you, looking better, having tests is especially good. If we're to keep it disabled by default I think we should rename the env var to $NGINX_MODSECURITY_ENABLE to avoid any confusions, that's what we do usually for all images.

Could you please perhaps provide an example where it "acts weird" by blocking requests? I'm sceptical about having a module with the default configuration that breaks something and there's no clear understanding why and how to configure it correctly.

[allupaku]

By wierd, i mean not about the modsecurity as such , but the owasp rule set is very strict at default levels that it even blocks a password entry with characters like "!@#" etc. So this need to be fine tuned when using owasp rule set. The lib modsecurity will not break any functionality, but the rules for firewall need to be configured and if we use owasp crs blindly, it will start blocking some legit drupal requests as well.