Closed AdriTheSky closed 2 weeks ago
I suggest you turn on the debug log and try to figure out what ModSecurity is doing with your rule. You can run nginx in debug mode by replacing the container command with `"nginx-debug" "-g" "daemon off;"`. Then you also need to set the log level using the `LOGLEVEL` environment variable documented here: https://github.com/coreruleset/modsecurity-crs-docker. Your debug output will end up in the nginx error log.
Hello, OK, I see my error:

```yaml
- source: modsecurity-override
  target: /etc/modsecurity.d/modesecurity-override.conf
```

to

```yaml
- source: modsecurity-override
  target: /etc/modsecurity.d/modsecurity-override.conf
```

But after that, when I redeploy the stack, I get an error from the custom entrypoint: `nginx/docker-entrypoint.d/90-copy-modsecurity-config.sh : error: can not modify /etc/modsecurity.d/modsecurity-override.conf (read-only file system?)`
So I tried another solution, copying into `/etc/nginx/modsecurity.d/`, but I got this: `error: cannot copy config files to /etc/modsecurity.d`
I tried to build a Dockerfile with my config, but I get the same error.
Looks like you're running your container with `read_only`. There's nothing in the image that defines the file system to be read-only.
@AdriTheSky What's next here?
@AdriTheSky Please try the following: mount your file below the `/etc/nginx/templates/modsecurity.d` directory. This is because it will be used by the nginx templating to generate the file in the container.
Hello,
Sorry for taking so long to answer. @fzipi, this solution seems to work.
To summarize what I did:

```dockerfile
# Base image tag is overridable at build time
ARG VERSION=nginx-alpine
FROM owasp/modsecurity-crs:${VERSION}
# GeoIP country database
COPY ./modsec/GeoLite2-Country.mmdb /usr/share/GeoIP/
# Custom rules go in as a template; the nginx templating generates the final file
COPY ./modsec/modsecurity-override.conf /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template
```

3. Building the container locally: `docker image build -f [MY_DOCKERFILE] -t [MY_SUPER_TAG_NAME] .`
4. Running my stack
5. Testing with the Opera proxy on one of my organisation's apps seems to work fine.

Best regards,
Adrien.
Thanks.
Hello, I'm trying to block countries' IPs but I don't understand where I can use my custom rules.
I created a new service (I'm using Docker Swarm) like this:
I read this to download the GeoLite database: https://latebits.com/2022/11/21/using-waf-and-geoip-data-to-block-specific-countries/
I created a file named 'modsecurity-override.conf' and I put my rules in it:
When I try with a VPN, nothing is blocked and I don't get any warning or anything to help me.
Can someone maybe explain whether I missed something?
Sorry for my English, I'm not a native speaker :).
Thanks!
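The mount that resolved this thread, written as a Swarm stack file with the failing target kept beside it for comparison. This is an added example, not taken from any post above; the service name `waf`, the local path `./modsec/modsecurity-override.conf`, the compose file version and the `debug` log level value are assumptions.

```yaml
version: "3.8"              # assumed; Swarm configs need file format 3.3 or later

services:
  waf:                      # hypothetical service name
    image: owasp/modsecurity-crs:nginx-alpine

    # Troubleshooting only, as suggested in the thread: run the debug binary
    # and raise the log level so rule processing shows up in the nginx error log.
    # command: ["nginx-debug", "-g", "daemon off;"]
    # environment:
    #   LOGLEVEL: debug     # assumed value

    configs:
      # Before: the entrypoint script could not modify a file mounted at this
      # path ("can not modify ... (read-only file system?)").
      # - source: modsecurity-override
      #   target: /etc/modsecurity.d/modsecurity-override.conf

      # After: mount the rules below the templates directory with a .template
      # suffix. The nginx templating only reads this file and generates the
      # final config inside the container.
      - source: modsecurity-override
        target: /etc/nginx/templates/modsecurity.d/modsecurity-override.conf.template

configs:
  modsecurity-override:
    file: ./modsec/modsecurity-override.conf   # assumed local path
```

The GeoLite2 database is not covered here; in the thread it is copied into the image by the Dockerfile.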