eben0/modsecurity-nginx-proxy

ModSecurity NGINX Proxy

modsecurity-nginx-proxy lets you serve multiple hostnames through a single NGINX proxy backed by ModSecurity.

The image combines owasp/modsecurity and jwilder/nginx-proxy.

Example using docker-compose:

version: '3.9'

services:
  proxy:
    build:
      dockerfile: Dockerfile
      context: .
    image: eben0/modsecurity-nginx-proxy
    ports:
      - 80:80
      - 443:443
    container_name: proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./modsecurity.d/rules:/etc/modsecurity.d/proxy-rules:ro
      - nginx-certs:/etc/nginx/certs
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
    environment:
      MODSEC_DEBUG_LOGLEVEL: 5
    networks:
      service_network:

  web:
    image: nginx
    container_name: web
    environment:
      VIRTUAL_PORT: 8080
      VIRTUAL_HOST: web.example.com
    networks:
      service_network:

networks:
  service_network:

volumes:
  nginx-certs:
  nginx-vhost:
  nginx-html:

Core Rule Set

The image does not include any engine rules. You can get the rules from the official CRS repo:

https://github.com/coreruleset/coreruleset/tree/v3.4/dev/rules

To include rules, create a rules.conf file in the rules directory:

Include REQUEST-901-INITIALIZATION.conf
# ...

Mount the folder:

volumes:
  - ./rules:/etc/modsecurity.d/proxy-rules
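
One way to generate that rules.conf instead of writing the Include lines by hand, as an added example that is not part of this repository. The function name gen_rules_conf is hypothetical, and it assumes the CRS rule files have already been copied into the directory that gets mounted.

```shell
#!/bin/sh
# Added example, not the project's own code.
# gen_rules_conf (hypothetical name) writes <dir>/rules.conf with one
# "Include <file>" line per *.conf file found in <dir>.

gen_rules_conf() {
    rules_dir=$1
    [ -d "$rules_dir" ] || { echo "not a directory: $rules_dir" >&2; return 1; }

    # The temporary name does not end in .conf, so the glob below skips it.
    tmp="$rules_dir/rules.conf.tmp"

    for f in "$rules_dir"/*.conf; do
        name=${f##*/}
        # Skip rules.conf itself and anything that is not a regular file
        # (including the unexpanded pattern when nothing matches).
        if [ -f "$f" ] && [ "$name" != "rules.conf" ]; then
            printf 'Include %s\n' "$name"
        fi
    done | LC_ALL=C sort > "$tmp"
    # Byte-order sorting keeps the CRS numbering: REQUEST-9xx files are
    # included before RESPONSE-9xx files.

    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no *.conf rule files found in $rules_dir" >&2
        return 1
    fi

    # Replace any previous rules.conf only once the new list is complete.
    mv "$tmp" "$rules_dir/rules.conf"
}

# Stand-alone use: sh gen-rules-conf.sh ./rules
if [ $# -gt 0 ]; then
    gen_rules_conf "$1"
fi
```

Files ending in .conf.example and the .data files are not listed, because only names ending in .conf match.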
