coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

Review including modsecurity.conf-recommended or just use the override #234

Closed fzipi closed 5 months ago

fzipi commented 5 months ago

In our apache build we are using the upstream modsecurity.conf-recommended file, and we add our own override file after that one.

This causes some friction because it always requires files that are not going to be used, and also extended permissions when running on no-permission filesystems.

For example:

apache-nightly                        | AH00526: Syntax error on line 199 of /etc/modsecurity.d/modsecurity.conf:
apache-nightly                        | ModSecurity: Failed to open the audit log file: /var/log/modsec_audit.log

This doesn't make sense because it never gets to our override that will actually point that file to the correct directory.

My proposal is to just replace it with the actual override instead, merging both files in our own file.

theseion commented 5 months ago

Makes sense to me. But maybe we should be able to detect when the recommended file changes. We could compute the hash and compare it to a known value, and abort the build when the values differ.