Apache ModSecurity:另一个具有相同ID错误的规则

时间:2018-10-31 11:29:08

标签: apache docker mod-security

我正在尝试在Docker容器中使用ModSecurity Rule set设置Apache服务器。我遵循了一些教程(thisthisthis)来构建安全的Apache服务器。但是我无法使服务器使用规则集。

我收到此错误:

AH00526: Syntax error on line 855 of /etc/httpd/modsecurity.d/crs-setup.conf:
ModSecurity: Found another rule with the same id

我搜索了错误,然后根据答案on this page,错误在于两次包含相同的规则。但据我所知,我没有两次包含相同的规则,所以我想知道错误是否在其他地方。

我的项目文件结构如下:

.
├── conf
│   └── httpd.conf
├── Dockerfile
├── index.html
├── modsecurity.d
│   ├── crs-setup.conf
│   ├── modsecurity.conf
│   └── rules

httpd.conf文件是用于Apache服务器的默认配置文件,并且通过命令将modsecurity配置插入Dockerfile中。

Dockerfile具有以下配置

FROM centos:7

RUN yum -y update && \
    yum -y install less which tree httpd mod_security && \
    yum clean all

COPY index.html /var/www/html/

#COPY conf/ /etc/httpd/conf/
COPY modsecurity.d/crs-setup.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/modsecurity.conf /etc/httpd/modsecurity.d/
COPY modsecurity.d/rules/* /etc/httpd/modsecurity.d/rules/

RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "  Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "  Include modsecurity.d/rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "  SecRuleEngine On" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf

EXPOSE 80

CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]

index.html只是一个基本的hello文件:

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" lang="en">
  </head>
  <body>
    <h1>Hello there</h1>
  </body>
</html>

crs-setup.conf具有以下内容(不包括所有评论)

SecRuleEngine On
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
SecCollectionTimeout 600
SecAction \
 "id:900990,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:tx.crs_setup_version=310"

modsecurity.conf只有这两行

SecRequestBodyAccess On
SecStatusEngine On

rules是一个包含ModSecurity规则集的目录。

如果有人想查看整个设置,我还将项目文件放在github上。

1 个答案:

答案 0 :(得分:0)

我发现了为什么我得到了错误。 ModSecurity配置文件的名称错误,并且规则文件已放置在错误的目录中。

ModSecurity文件为modsecurity.conf,实际上应该为mod_security.conf,请注意下划线(source)。规则文件应该已经放置在名为activated_rules (source)的文件夹中。

在我的工作配置中,我现在具有以下文件夹结构:

.
├── conf
│   └── httpd.conf
├── Dockerfile
├── index.html
└── modsecurity.d
    ├── crs-setup.conf
    ├── mod_security.conf
    └── activated_rules

Dockerfile如下

FROM centos:7

RUN yum -y update && \
    yum -y install less which tree httpd mod_security && \
    yum clean all

COPY index.html /var/www/html/

RUN echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf
RUN echo "<IfModule security2_module>" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/crs-setup.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "Include modsecurity.d/activated_rules/*.conf" >> /etc/httpd/conf/httpd.conf
RUN echo "</IfModule>" >> /etc/httpd/conf/httpd.conf


COPY modsecurity.d/crs-setup.conf     /etc/httpd/modsecurity.d/
COPY modsecurity.d/mod_security.conf  /etc/httpd/conf.d/
COPY modsecurity.d/rules/*            /etc/httpd/modsecurity.d/activated_rules/

EXPOSE 80

CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]