Allow more customizations for SecAudit* options

These options controls the audit/transaction logging of modsecurity. By exposing these options via env variable, we can further customize the audit/transaction logging of modsecurity Signed-off-by: Nicolas Bigler <[email protected]>
vshn · Sep 27, 2023 · 706d0ab · 706d0ab
1 parent 65b9e9e
commit 706d0ab
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/v3.3/Dockerfile b/v3.3/Dockerfile
@@ -16,6 +16,9 @@ ENV APACHE_RUN_USER=www-data \
     APACHE_METRICS_DENY_FROM='All' \
     APACHE_METRICS_ALLOW_FROM='127.0.0.0/255.0.0.0 ::1/128' \
     CRS_DISABLE_PLUGINS=0 \
+    MODSEC_AUDIT_ENGINE=RelevantOnly \
+    MODSEC_AUDIT_LOG_RELEVANT_STATUS='^(?:5|4(?!04))' \
+    MODSEC_AUDIT_LOG_PARTS=ABEFHIJZ \
     MODSEC_AUDIT_LOG=/dev/stdout \
     MODSEC_AUDIT_LOG_TYPE=Serial \
     MODSEC_AUDIT_LOG_FORMAT=JSON \

diff --git a/v3.3/modsecurity.d/modsecurity.conf b/v3.3/modsecurity.d/modsecurity.conf
@@ -16,9 +16,9 @@ SecTmpSaveUploadedFiles on
 SecDebugLog ${MODSEC_DEBUG_LOG}
 SecDebugLogLevel ${MODSEC_DEBUG_LOGLEVEL}
 
-SecAuditEngine RelevantOnly
-SecAuditLogRelevantStatus "^(?:5|4(?!04))"
-SecAuditLogParts ABEFHIJZ
+SecAuditEngine ${MODSEC_AUDIT_ENGINE}
+SecAuditLogRelevantStatus ${MODSEC_AUDIT_LOG_RELEVANT_STATUS}
+SecAuditLogParts ${MODSEC_AUDIT_LOG_PARTS}
 
 SecAuditLogType ${MODSEC_AUDIT_LOG_TYPE}
 SecAuditLogFormat ${MODSEC_AUDIT_LOG_FORMAT}