Activar modsecurity y añadir regla para excluir el mediawiki

Ales (Shagi) Zabala Alava 2021-09-11 11:25:01 +02:00
parent d2a217a444
commit 5da23656b4
3 changed files with 12 additions and 1 deletions


@ -9,6 +9,8 @@ services:
volumes: volumes:
- ./html-es.hackmeeting.org:/var/www/html - ./html-es.hackmeeting.org:/var/www/html
- ./etc/hm/LocalSettings.php:/var/www/html/LocalSettings.php - ./etc/hm/LocalSettings.php:/var/www/html/LocalSettings.php
- ./etc/modsecurity/hm.conf:/etc/modsecurity/hm.conf
- ./data/hm/logs/apache2:/var/log/apache2
mariadb: mariadb:
restart: always restart: always
image: mariadb image: mariadb
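Review bot: The new `./etc/modsecurity/hm.conf` bind mount is writable from inside the container even though it holds WAF exclusion rules; mount it read-only with `- ./etc/modsecurity/hm.conf:/etc/modsecurity/hm.conf:ro`. The `./data/hm/logs/apache2` mount will presumably also receive the ModSecurity audit log once the engine is on, and that log can contain request data, so the host directory should have restrictive permissions and log rotation. The service block these volumes belong to starts outside the hunk.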

7
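--- a/etc/modsecurity/hm.conf
+++ b/etc/modsecurity/hm.conf
@@ -0,0 +1,7 @@
+# Drop XSS checks on es.hackmeeting.org mediawiki
+SecRule REQUEST_URI "@beginsWith /hm/index.php" \
+"id:1004,\
+phase:1,\
+pass,\
+nolog,\
+ctl:ruleEngine=off"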
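Review bot: `ctl:ruleEngine=off` disables every ModSecurity rule for requests under `/hm/index.php`, not only the XSS checks the header comment names, and `nolog` means the bypass leaves no record. If XSS false positives are the only problem, narrow the exclusion, e.g. `ctl:ruleRemoveByTag=attack-xss` (the tag name used by CRS 3.x; confirm against the installed rule set). Otherwise correct the comment to say what the rule does: `# Disable ModSecurity entirely for the es.hackmeeting.org mediawiki`. Note that `@beginsWith` also matches any longer path that shares the prefix, so the rule covers more than the single script.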


@ -1,7 +1,7 @@
FROM php:7.0-apache FROM php:7.0-apache
RUN apt-get update RUN apt-get update
RUN apt-get install -y unzip libicu-dev RUN apt-get install -y unzip libicu-dev libapache2-mod-security2 modsecurity-crs
# RUN apt-get install -y libzip4 libzip-dev # RUN apt-get install -y libzip4 libzip-dev
# RUN docker-php-ext-install zip # RUN docker-php-ext-install zip
@ -13,4 +13,6 @@ RUN docker-php-ext-install intl
RUN a2enmod headers RUN a2enmod headers
RUN a2enmod rewrite RUN a2enmod rewrite
RUN sed 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf-recommended > /etc/modsecurity/modsecurity.conf
WORKDIR /var/www/html WORKDIR /var/www/html
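Review bot: The added `sed` line exits 0 even when `SecRuleEngine DetectionOnly` is not found in `modsecurity.conf-recommended`, so a changed packaged default would leave the image in detection-only mode without failing the build. Add a check after it, `RUN grep -q '^SecRuleEngine On' /etc/modsecurity/modsecurity.conf`, or chain it onto the same RUN with `&&`. In the first hunk the new packages are installed in a separate layer from `RUN apt-get update`, so a cached update layer can leave the install working from stale package indexes. Combining the two as `RUN apt-get update && apt-get install -y --no-install-recommends ...` avoids that.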