search

coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0
241 stars 63 forks source link

Enable Lua script support #176

Closed theseion closed 7 months ago

theseion commented 7 months ago

ModSecurity has a SecRuleScript directive, which requires Lua support. We currently don't compile with Lua support.

fzipi commented 7 months ago

We include the necessary files in https://github.com/coreruleset/modsecurity-crs-docker/blob/61bc83de721c0ccbd2d6d582512a10926d383d5e/apache/Dockerfile#L23, but looks like the configure script isn't finding those.

theseion commented 7 months ago

The docs say to LoadFile Lua before ModSecurity: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#edit-the-main-apache-httpd-config-file-usually-httpdconf. We're probably not doing that.

theseion commented 7 months ago

It looks like it should work to do something like this (httpd actually appears to start with this):

LoadFile /usr/lib/aarch64-linux-gnu/liblua5.2.so.0.0.0

The path isn't great obviously, maybe wen can abstract it, or discover the file using find.

dune73 commented 7 months ago

Good plan.

And please try to support lua 5.4 if available. Did not test that, though. Lua 5.2 seems really old by now.

theseion commented 7 months ago

So... Lua support is actually enabled and works (for httpd at least). I'm checking the other images now.

theseion commented 7 months ago

And please try to support lua 5.4 if available. Did not test that, though. Lua 5.2 seems really old by now.

5.3 is the highest version supported by ModSecurity.

dune73 commented 7 months ago

Ah sucks. Everything is old and rusty around ModSecurity.