mrkoopakiller / modsec-for-bts

This project forked from arturluik/modsec-for-bts

Sample ModSecurity proxy config for Blue Team exercises

License: Apache License 2.0

Shell 47.26% PHP 18.20% Dockerfile 12.64% Python 21.90%

modsec-for-bts's Introduction

ModSecurity Proxy for BT

Summary

This is a Docker image that runs a WAF as a proxy, based on the official ModSecurity and Core Rule Set (CRS) image.

Files and folders

The image uses the official OWASP ModSecurity-CRS image as its base. The default entrypoint has been changed to supervisord, which is initially configured to start nginx and php-fpm. See the Supervisor section for more information.

src directory structure:

├── Dockerfile
├── docker-entrypoint.sh
├── etc
│   ├── modsecurity.d
│   │   └── modsecurity-override.conf
│   ├── nginx
│   │   └── templates
│   │       ├── conf.d
│   │       │   └── default.conf.template
│   │       └── nginx.conf.template
│   ├── supervisor.d
│   │   ├── start_crond.conf
│   │   ├── start_nginx.conf
│   │   └── start_php-fpm.conf
│   └── supervisord.conf
├── html
│   └── 403_error.php
├── server
│   ├── Dockerfile
│   ├── app.py
│   ├── docker-compose.yml
│   ├── requirements.txt
│   └── rules
│       ├── default
│       │   ├── REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
│       │   └── RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
│       └── template
│           ├── REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
│           └── RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
└── sync-crs-rules.sh

| File name | Description |
|---|---|
| docker-entrypoint.sh | entrypoint script |
| Dockerfile | Dockerfile |
| etc/nginx/templates/nginx.conf.template | nginx.conf template file |
| etc/nginx/templates/conf.d/default.conf.template | nginx default.conf template file |
| etc/supervisord.conf | supervisord configuration |
| etc/supervisor.d/start_crond.conf | supervisor configuration for crond |
| etc/supervisor.d/start_nginx.conf | supervisor configuration for nginx |
| etc/supervisor.d/start_php-fpm.conf | supervisor configuration for php-fpm |
| html/403_error.php | custom error page |
| sync-crs-rules.sh | script to sync CRS rules from a GitHub repo |

CRS Rules Sync

The script /sync-crs-rules.sh will sync the CRS rules from a CRS_RULES_SERVER.

| Name | Description |
|---|---|
| HOSTNAME | Hostname that will be used to query CRS_RULES_SERVER |
| CRS_RULES_SYNC | enable/disable the sync of the CRS rules from a GitHub repo |
| CRS_RULES_SERVER | server that serves the ModSecurity rules (example server given in src/server) |
| CRS_RULES_BRANCH | branch name to sync the CRS rules from. default: main |

The CRS files are in the rules directory, which docker-compose mounts in the container at /opt/owasp-crs/rules.
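
Because the synced rules decide what the WAF blocks, the variables that steer the sync are worth checking before the script runs. The following pre-flight check is an added example, not code from this repository; it assumes CRS_RULES_SYNC takes the values true/false and that CRS_RULES_SERVER is a URL, neither of which the README specifies, and the function name validate_crs_sync_env is hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository): validate the sync variables before
# /sync-crs-rules.sh runs. Assumed, not stated in the README: CRS_RULES_SYNC
# takes "true"/"false" and CRS_RULES_SERVER is a URL.

validate_crs_sync_env() {
    case "${CRS_RULES_SYNC:-}" in
        true) ;;
        false|"") return 0 ;;   # sync off: nothing else to check
        *) echo "CRS_RULES_SYNC: expected true or false" >&2; return 1 ;;
    esac

    # The rules decide what the WAF blocks, so fetch them over TLS only.
    case "${CRS_RULES_SERVER:-}" in
        https://?*) ;;
        *) echo "CRS_RULES_SERVER: must be an https:// URL" >&2; return 1 ;;
    esac
    case "$CRS_RULES_SERVER" in
        *[!A-Za-z0-9:/._-]*)
            echo "CRS_RULES_SERVER: unexpected character" >&2; return 1 ;;
    esac

    # HOSTNAME is used to query the server and the branch selects what is
    # synced: allow plain names only, no option-like or traversal values.
    case "${CRS_RULES_BRANCH:-main}" in
        -*|*..*|*[!A-Za-z0-9._/-]*)
            echo "CRS_RULES_BRANCH: unsafe value" >&2; return 1 ;;
    esac
    case "${HOSTNAME:-}" in
        ""|-*|*[!A-Za-z0-9.-]*)
            echo "HOSTNAME: not a valid host name" >&2; return 1 ;;
    esac
    return 0
}
```

Calling the function at the top of the entrypoint and exiting on a non-zero status keeps a mistyped or tampered variable from silently changing which rules the proxy loads.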

Environment variables

Modsecurity, Core Rules set (CRS) and NGINX

You can set all the environment variables supported by the official image.

Supervisor

The default configuration for supervisor is in etc/supervisord.conf. The plugin supervisor-stdout is installed to redirect the output of the processes to stdout.

Add new service to supervisor

Supervisor loads its configuration files from the folder etc/supervisor.d. Example configuration file for a new service:

[program:nginx]
command=<command to run> # if possible use --no-daemon mode.
stdout_events_enabled = true
stderr_events_enabled = true
autostart=true

Copy the file to etc/supervisor.d/start_<service>.conf so that supervisor loads the configuration.
