File: //etc/modsecurity.d/owasp/tests/docker-compose.yml
# Only one of these will be up at a time for now.
# Concurrency will be on the tests folder we have.
x-common-env: &common-env
ARG_LENGTH: 400
TOTAL_ARG_LENGTH: 6400
BACKEND: http://backend
BLOCKING_PARANOIA: 4
COMBINED_FILE_SIZES: "65535"
CRS_ENABLE_TEST_MARKER: 1
MAX_FILE_SIZE: "64100"
MODSEC_AUDIT_LOG_FORMAT: Native
MODSEC_AUDIT_LOG_TYPE: Serial
MODSEC_RESP_BODY_ACCESS: "On"
MODSEC_RESP_BODY_MIMETYPE: "text/plain text/html text/xml application/json"
MODSEC_RULE_ENGINE: DetectionOnly
MODSEC_TMP_DIR: "/tmp"
PORT: "8080"
VALIDATE_UTF8_ENCODING: 1
x-apache-env: &apache-env
<<: *common-env
ACCESSLOG: "/var/log/apache2/access.log"
ERRORLOG: "/var/log/apache2/error.log"
MODSEC_AUDIT_LOG: "/var/log/apache2/modsec_audit.log"
SERVERNAME: modsec2-apache
x-nginx-env: &nginx-env
<<: *common-env
ACCESSLOG: "/var/log/nginx/access.log"
ERRORLOG: "/var/log/nginx/error.log"
LOGLEVEL: "info"
MODSEC_AUDIT_LOG: "/var/log/nginx/modsec_audit.log"
SERVERNAME: modsec3-nginx
services:
modsec2-apache: &apache
container_name: modsec2-apache
image: owasp/modsecurity-crs:apache@sha256:45ee5bff38d7513b66c6726ac5eede3e1702940835e7ddaf96a658fb88f3fd15
# NOTE: The user used to run the container process is explicitly set to
# 'root'. This fixes issues with permissions on the logging directories used
# as bind mounts. This is done as *a convenience for running the CRS testing
# setup only* and *should not be done in general!*
user: root
environment:
<<: *apache-env
volumes:
- ./logs/modsec2-apache:/var/log/apache2:rw
- ../rules:/opt/owasp-crs/rules:ro
- ../plugins:/opt/owasp-crs/plugins:ro
- ../crs-setup.conf.example:/etc/modsecurity.d/owasp-crs/crs-setup.conf.example
entrypoint: ["/bin/sh", "-c", "/bin/cp /etc/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/modsecurity.d/owasp-crs/crs-setup.conf && /docker-entrypoint.sh httpd-foreground"]
ports:
- "80:8080"
depends_on:
- backend
modsec2-apache-debug:
<<: *apache
container_name: modsec2-apache-debug
environment:
<<: *apache-env
MODSEC_DEBUG_LOG: "/var/log/apache2/modsec_debug.log"
MODSEC_DEBUG_LOGLEVEL: 9
modsec3-nginx: &nginx
container_name: modsec3-nginx
image: owasp/modsecurity-crs:nginx@sha256:d5075e29201de332751b1a691186944ae0af1f4d9dda37275daa342d18117902
# NOTE: The user used to run the container process is explicitly set to
# 'root'. This fixes issues with permissions on the logging directories used
# as bind mounts. This is done as *a convenience for running the CRS testing
# setup only* and *should not be done in general!*
user: root
environment:
<<: *nginx-env
volumes:
- ./logs/modsec3-nginx:/var/log/nginx:rw
- ../rules:/opt/owasp-crs/rules:ro
- ../plugins:/opt/owasp-crs/plugins:ro
- ../crs-setup.conf.example:/etc/modsecurity.d/owasp-crs/crs-setup.conf.example
entrypoint: ["/bin/sh", "-c", "/bin/cp /etc/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/modsecurity.d/owasp-crs/crs-setup.conf && /docker-entrypoint.sh nginx -g 'daemon off;'"]
ports:
- "80:8080"
depends_on:
- backend
modsec3-nginx-debug:
<<: *nginx
container_name: modsec3-nginx-debug
entrypoint: ["/bin/sh", "-c", "/bin/cp /etc/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/modsecurity.d/owasp-crs/crs-setup.conf && /docker-entrypoint.sh nginx-debug -g 'daemon off;'"]
environment:
<<: *nginx-env
MODSEC_DEBUG_LOG: "/var/log/nginx/modsec_debug.log"
MODSEC_DEBUG_LOGLEVEL: 9
backend:
image: ghcr.io/coreruleset/albedo:0.3.0@sha256:843ed01d28f48b594dcc0278ea9403175a0bf40ec065432040b796f589e89507
command: ["--port", "80"]