This is a Docker setup to run a WAF as a reverse proxy, based on the official ModSecurity and OWASP Core Rule Set (CRS) image. For the BSides Tallinn 2024 workshop, a notably insecure webapp, Fluent Bit, Elastic + Kibana and a Sumologic connector were added to make experimenting with the logging setup easy.

- create `.env` and `modsec.env` based on `*.example` files
- if testing with Sumologic - register free account, add API credentials to `.env` and un-comment `docker-compose-sumologic.yaml` in main `docker-compose.yaml`.
- launch with `docker compose up`

Note: there appears to be a concurrency issue with the Docker logging driver and Fluent Bit; running `docker compose up` again is a temporary fix until a better health check is added.

- `petskratt/burn-after-reading` evals PHP code entered in the form. This is intended behavior.
- Logging requests/responses and headers will also log credentials, session cookies and potentially confidential information. When using this template for a production setup, you can use `MODSEC_AUDIT_LOG_PARTS` in `modsec.env` to adjust logging, or use the example Lua script in `fluent-bit.conf` to sanitize logged data.
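
One way to implement the log sanitization mentioned above, as an added example rather than the Lua script shipped with this repository: a Fluent Bit Lua filter that masks credential headers and common secret fields in ModSecurity audit records. The function name `redact_secrets`, the header list and the body field list are assumptions, and the record is assumed to arrive as parsed JSON.

```lua
-- Added example, not the repository's script. Assumes the audit record is
-- already parsed JSON (nested tables); key layout is not assumed, so the walk
-- is recursive. Use in a [FILTER] with Name lua, script <file>, call redact_secrets.
local MASK = "[REDACTED]"

-- Header names (lower-case) whose values are credentials or session tokens.
local SENSITIVE = {
  ["authorization"] = true, ["proxy-authorization"] = true,
  ["cookie"] = true, ["set-cookie"] = true, ["x-api-key"] = true,
}

-- Body field names to mask; a constructed list, extend it for your application.
local BODY_FIELDS = { "password", "passwd", "token", "secret" }

-- Best-effort masking of field values in a urlencoded or JSON body string.
local function scrub_body(s)
  for _, f in ipairs(BODY_FIELDS) do
    s = s:gsub("(" .. f .. "=)[^&%s]*", "%1" .. MASK)
    s = s:gsub('("' .. f .. '"%s*:%s*")[^"]*', "%1" .. MASK)
  end
  return s
end

-- Walk the record in place; returns true if anything was masked.
local function scrub(t, in_body)
  local changed = false
  for k, v in pairs(t) do
    local lk = type(k) == "string" and k:lower() or ""
    if SENSITIVE[lk] then
      t[k], changed = MASK, true
    elseif type(v) == "table" then
      -- Bodies may be a string or an array of strings, so pass the flag down.
      changed = scrub(v, in_body or lk == "body") or changed
    elseif type(v) == "string" and (in_body or lk == "body") then
      local cleaned = scrub_body(v)
      if cleaned ~= v then t[k], changed = cleaned, true end
    end
  end
  return changed
end

-- Fluent Bit callback. Return code 2: record modified, original timestamp
-- kept; 0: record passed through unchanged.
function redact_secrets(tag, timestamp, record)
  if scrub(record, false) then return 2, timestamp, record end
  return 0, timestamp, record
end
```

Body masking here is pattern-based and case-sensitive, so treat it as a second layer behind a narrower `MODSEC_AUDIT_LOG_PARTS` setting rather than the only control.
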
Using the official OWASP image for ModSecurity-CRS as a base image.