search

coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0
269 stars 69 forks source link

Nginx configuration problem? #71

Closed mbrozzo closed 2 years ago

mbrozzo commented 2 years ago

Hello, I am doing a university project and I was advised to use this container. I thought it was working fine, but tonight when I tried it and I accessed the modsecurity port, I got this: image So I tried using a very very simple docker-compose.yml (please check if I have made any mistakes in the compose file):

version: "3"

networks:
  gitea:
    external: false

services:
  modsecurity-crs:
    image: owasp/modsecurity-crs:3.3.2-nginx
    # hostname: modsecurity-crs
    ports: 
      - "8000:80"
    environment:
      - "BACKEND=http://whoami"
      - SERVERNAME=gitea_server
      - PORT=80
    networks:
      - gitea
    depends_on:
       - whoami
    # logging:
    #   driver: loki
    #   options:
    #     loki-url: http://localhost:3100/loki/api/v1/push

  whoami:
    image: "traefik/whoami"
    # hostname: whoami
    ports: 
      - "80:80"
    networks:
      - gitea

I still get the same response from modsecurity (port 8000), while whoami works fine (port 80).

Here are the modsecurity logs, but I think they are useless:

2022/04/13 23:04:52 [notice] 1#1: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/0/0)
172.21.0.1 - - [13/Apr/2022:23:04:59 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.68.0"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:48 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:49 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:51 [error] 29#29: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:51 [error] 29#29: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:51 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:52 [error] 29#29: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:52 [error] 29#29: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
2022/04/13 23:06:52 [error] 29#29: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.100.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.11:8000", referrer: "http://192.168.100.11:8000/"
192.168.100.1 - - [13/Apr/2022:23:06:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.11:8000/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"

I tried entering the container to read the /var/log/nginx/error.log but cat does not seem to work and there are no tail, nano or vi installed.

EDIT: I know this might be a mistake on my part in configuring the container, sorry if that is the case.

floriannadaud commented 2 years ago

Hi there :wave:

We are having the same issue since someone has override the 3.3.2-nginx image tag

Our current workaround is to use a previous image digest form the 3.3.2-nginx tag: owasp/modsecurity-crs@sha256:ce648dd5fd0d250f6505299a47a532e50bcde02366888ef5924dea27f65cba7b

IMO the published tags should not be overridden

limemdhafer19 commented 2 years ago

Same problem here !!!

mbrozzo commented 2 years ago

Hi there đź‘‹

We are having the same issue since someone has override the 3.3.2-nginx image tag

Our current workaround is to use a previous image digest form the 3.3.2-nginx tag: owasp/modsecurity-crs@sha256:ce648dd5fd0d250f6505299a47a532e50bcde02366888ef5924dea27f65cba7b

IMO the published tags should not be overridden

Definitely a bad idea to overwrite the tag! Thank you for the workaround, I will try it when I have time.

theseion commented 2 years ago

Thanks for reporting this. I noticed the same today by chance. We'll look into it.

theseion commented 2 years ago

An issue with this image was fixed in https://github.com/coreruleset/modsecurity-crs-docker/issues/62. Can you force pull and check whether your issue persists?

theseion commented 2 years ago

Closing this as duplicate of #72, and considering it addressed in #67.

mbrozzo commented 2 years ago

Closing this as duplicate of #72, and considering it addressed in #67.

I have pulled the new image from docker hub but I am still getting the same problem. Am I missing something?

EDIT: I am dumb, when you said it was addressed I thought you meant it was solved. I see that the issue is still open though.

theseion commented 2 years ago

Sorry. I meant to write that overwriting of image tags should be addressed by #67.