Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: override full modsecurity.conf file #239

Merged
merged 3 commits into from
May 5, 2024
Merged

feat: override full modsecurity.conf file #239

merged 3 commits into from
May 5, 2024

Conversation

fzipi
Copy link
Member

@fzipi fzipi commented Apr 26, 2024
edited
Loading

  • move all variables from modsecurity-override.conf to modsecurity.conf
  • add extra variables to configure modsecurity.conf params
  • update README with new variables
  • use only curl and remove wget usage (consistency)

Fixes #234

@fzipi fzipi requested review from airween, theseion and dune73 April 26, 2024 21:08
@fzipi fzipi force-pushed the use-modsecurity-conf branch from 20272ae to 032914e Compare April 26, 2024 21:32
theseion
theseion requested changes Apr 27, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
README.md Show resolved Hide resolved
README.md Show resolved Hide resolved
src/etc/modsecurity.d/modsecurity.conf Outdated Show resolved Hide resolved
@fzipi fzipi force-pushed the use-modsecurity-conf branch from 8f7adce to 8031ecf Compare April 27, 2024 12:38
@fzipi fzipi requested a review from theseion April 27, 2024 12:39
@fzipi
Copy link
Member Author

fzipi commented May 1, 2024

No comments from @dune73 or @airween. Will merge by EOD.

@fzipi fzipi merged commit b143c24 into coreruleset:develop May 5, 2024
6 checks passed
@fzipi fzipi deleted the use-modsecurity-conf branch May 5, 2024 15:36
@ruipin
Copy link

ruipin commented May 5, 2024
edited
Loading

Thanks for your work! Unfortunately, this pull request broke my setup using nginx-alpine.

To fix it I had to force the following values inside my docker compose:

MODSEC_AUDIT_STORAGE_DIR: /var/log/modsecurity/audit/
MODSEC_DISABLE_BACKEND_COMPRESSION: 'Off'
MODSEC_UPLOAD_KEEP_FILES: 'Off'

The first one seems due to a typo - MODSEC_AUDIT_STORAGE_DIR is used by the new file, but the environment variable that is used for the default value is MODSEC_AUDIT_STORAGE.

The second one doesn't seem to have a default value.

The third one would complain that RelevantOnly was not a valid value, and it needed On or Off.

I've created #243

@ruipin ruipin mentioned this pull request May 5, 2024
Closed
@fzipi fzipi mentioned this pull request May 6, 2024
Merged
@theseion theseion mentioned this pull request May 9, 2024
Closed
@fzipi fzipi mentioned this pull request May 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theseion theseion theseion approved these changes

@airween airween Awaiting requested review from airween

@dune73 dune73 Awaiting requested review from dune73

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Review including modsecurity.conf-recommended or just use the override
3 participants
@fzipi @ruipin @theseion