Activar modsecurity y añadir regla para excluir el mediawiki

2021-09-11 11:25:01 +02:00 · 2021-09-11 11:25:01 +02:00 · 5da23656b4
parent d2a217a444
commit 5da23656b4
3 changed files with 12 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,6 +9,8 @@ services:
    volumes:
      - ./html-es.hackmeeting.org:/var/www/html
      - ./etc/hm/LocalSettings.php:/var/www/html/LocalSettings.php
+      - ./etc/modsecurity/hm.conf:/etc/modsecurity/hm.conf
+      - ./data/hm/logs/apache2:/var/log/apache2
  mariadb:
    restart: always
    image: mariadb
--- a/etc/modsecurity/hm.conf
+++ b/etc/modsecurity/hm.conf
@ -0,0 +1,7 @@
+# Drop XSS checks on es.hackmeeting.org mediawiki
+SecRule REQUEST_URI "@beginsWith /hm/index.php" \
+    "id:1004,\
+    phase:1,\
+    pass,\
+    nolog,\
+    ctl:ruleEngine=off" 
--- a/images/hm/Dockerfile
+++ b/images/hm/Dockerfile
@ -1,7 +1,7 @@
 FROM php:7.0-apache

 RUN apt-get update
-RUN apt-get install -y unzip libicu-dev
+RUN apt-get install -y unzip libicu-dev libapache2-mod-security2 modsecurity-crs
 # RUN apt-get install -y libzip4 libzip-dev

 # RUN docker-php-ext-install zip
@ -13,4 +13,6 @@ RUN docker-php-ext-install intl
 RUN a2enmod headers
 RUN a2enmod rewrite

+RUN sed 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf-recommended > /etc/modsecurity/modsecurity.conf
+
 WORKDIR /var/www/html