ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx
Build the image:
docker build -t modsec .
Run the Image:
docker run -ti --rm -p 80:80 modsec
This will start an Apache Webserver, on port 80, with ModSecurity installed.
You can access this webserver typically by navigating to http://localhost
Note: ModSecurity without any ruleset isn't very helpful. A common ruleset, the OWASP Core Rule Set (CRS), is available free on GitHub. CRS has it's own Dockerfile that builds on this image.
This image builds ModSecurity with the recommended configuration by default.
This configuration blocks very little. Please see the Recommended Configuration for more details
Enable TLS by setting ARG SETTLS=True
.
If you want to run your web traffic over SSL/TLS, the simplest setup is to COPY or mount (-v) your server.crt and server.key into /usr/local/apache2/conf/.
Basic support for generating a server certificate is provided by running RUN openssl req -x509 ...
and thus creating a server.crt and server.key during docker build
. Provide appropriate information in openssl.conf.
Enable Reverse Proxy mode by setting ARG SETPROXY=True
and appropriate ARG PROXYLOCATION=
in Dockerfile.
You can also add your own httpd.conf and configure TLS and Reverse Proxy there:
docker run -v $(pwd)/httpd.conf:/usr/local/apache2/conf/httpd.conf -ti --rm -p 80:80 -p 443:443 modsec
Please provide all relevant information when using your own httpd.conf!
At this point, there are no configuration options for this image.
License: Apache 2.0 license, see LICENSE. Author: Chaim Sanders ( @csanders-git ) and contributors