Skip to content

fix: nginx module more headers #515

fix: nginx module more headers

fix: nginx module more headers #515

Workflow file for this run

---
name: Verify Images
on:
pull_request:
branches:
- main
env:
REPO: "owasp/modsecurity-crs"
# sha256sum format: <hash><space><format (space for text)><file name>
MODSECURITY_RECOMMENDED: "ccff8ba1f12428b34ff41960d8bf773dd9f62b9a7c77755247a027cb01896d4f modsecurity.conf-recommended"
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.generate.outputs.targets }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: List targets
id: generate
uses: docker/bake-action/subaction/list-targets@v4
- name: Check modsecurity recommended
run: |
curl -sSL https://raw.githubusercontent.com/owasp-modsecurity/ModSecurity/v3/master/modsecurity.conf-recommended -o modsecurity.conf-recommended
echo '${{ env.MODSECURITY_RECOMMENDED }}' > sha256sum.txt
sha256sum -c sha256sum.txt
build:
runs-on: ubuntu-latest
needs:
- prepare
strategy:
matrix:
target: ${{ fromJson(needs.prepare.outputs.targets) }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: image=moby/buildkit:master
- name: Build images
uses: docker/[email protected]
with:
files: |
./docker-bake.hcl
targets: ${{ matrix.target }}
set: |
*.platform=linux/amd64
load: true
push: false
- name: Run ${{ matrix.target }}
run: |
. .github/workflows/configure-rules-for-test.sh \
src/opt/modsecurity/configure-rules.conf \
"$(pwd)/${{ matrix.target }}.env"
echo "Starting container ${{ matrix.target }}"
docker run \
--pull "never" \
-d \
--name ${{ matrix.target }}-test \
--env-file "${{ matrix.target }}.env" \
"${REPO}:${{ matrix.target }}"
sleep 30
docker logs ${{ matrix.target }}-test
- name: Verify ${{ matrix.target }}
run: |
[ $(docker inspect ${{ matrix.target }}-test --format='{{.State.Running}}') = 'true' ]
if grep -q "nginx "<<< "${{ matrix.target }}"; then
curl -q -D headers.txt http://localhost:8080/?test=../../etc/passwd
grep -q "HTTP/1.1 403 Forbidden" headers.txt
grep -q "Access-Control-Allow-Origin: *" headers.txt
grep -q "Access-Control-Max-Age: 3600" headers.txt
grep -q "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS" headers.txt
grep -q "Access-Control-Allow-Headers: *" headers.txt
fi