Skip to content
This repository has been archived by the owner on Nov 26, 2022. It is now read-only.

Use cleaner approach to include ModSecurity config #34

Merged
merged 2 commits into from
Feb 20, 2020
Merged

Use cleaner approach to include ModSecurity config #34

merged 2 commits into from
Feb 20, 2020

Conversation

bittner
Copy link
Contributor

@bittner bittner commented Feb 20, 2020

In our quest to enhance maintenability we've identified that extending the Apache configuration is not as straight-forward as it could be.

These changes:

  • Remove the before/after logging configuration setup (we'll add the appropriate configuration in the CRS Docker image instead)
  • Apply an in-place replacement (instead of adding another line) for some existing changes in conf/httpd.conf
  • Add a new conf/extra/httpd-modsecurity.conf file that houses all the necessary configuration just for ModSecurity in a single location

I'm still not 100% happy with:

  1. the absolute path used in the Include /etc/modsecurity.d/include.conf statement (this was probably added for technical reasons, to make the include outside of the Apache conf folder work)
  2. the file name of /etc/modsecurity.d/include.conf as such (it should probably convey "use me to include the ModSecurity configuration from Apache", but the pattern of "include" is broken here)

Improvement suggestions welcome!

@bittner bittner requested a review from srueg February 20, 2020 12:01
@zugao zugao self-requested a review February 20, 2020 13:30
@zugao zugao force-pushed the feature/cleaner-inclusion-httpd-modsecurity branch from 39dc31a to fb6c3ac Compare February 20, 2020 16:27
@zugao zugao force-pushed the feature/cleaner-inclusion-httpd-modsecurity branch from fb6c3ac to 74b9b63 Compare February 20, 2020 16:31
zugao
zugao approved these changes Feb 20, 2020
View reviewed changes
Copy link
Contributor

@zugao zugao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked the pull request and everything looks good. Added a commit to trigger the workflow on every push to the repository. The image push step is triggered only on master branch. @bittner take a look please.

@bittner bittner merged commit 74aa127 into master Feb 20, 2020
@bittner bittner deleted the feature/cleaner-inclusion-httpd-modsecurity branch February 20, 2020 18:39
@bittner
Copy link
Contributor Author

bittner commented Feb 20, 2020

Relates to #32.

@bittner bittner mentioned this pull request Feb 20, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zugao zugao zugao approved these changes

@srueg srueg srueg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bittner @srueg @zugao