From 706d0ab2df9d312ca15ce8710b90dec4adf5ff57 Mon Sep 17 00:00:00 2001
From: Nicolas Bigler
Date: Wed, 27 Sep 2023 10:45:03 +0200
Subject: [PATCH] Allow more customizations for SecAudit* options
These options controls the audit/transaction logging of modsecurity. By exposing these options via env variable, we can further customize the audit/transaction logging of modsecurity
Signed-off-by: Nicolas Bigler
---
 v3.3/Dockerfile | 3 +++
 v3.3/modsecurity.d/modsecurity.conf | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/v3.3/Dockerfile b/v3.3/Dockerfile
index 8f67e31..e9896d1 100644
--- a/v3.3/Dockerfile
+++ b/v3.3/Dockerfile
@@ -16,6 +16,9 @@ ENV APACHE_RUN_USER=www-data \
 APACHE_METRICS_DENY_FROM='All' \
 APACHE_METRICS_ALLOW_FROM='127.0.0.0/255.0.0.0 ::1/128' \
 CRS_DISABLE_PLUGINS=0 \
+ MODSEC_AUDIT_ENGINE=RelevantOnly \
+ MODSEC_AUDIT_LOG_RELEVANT_STATUS='^(?:5|4(?!04))' \
+ MODSEC_AUDIT_LOG_PARTS=ABEFHIJZ \
 MODSEC_AUDIT_LOG=/dev/stdout \
 MODSEC_AUDIT_LOG_TYPE=Serial \
 MODSEC_AUDIT_LOG_FORMAT=JSON \
diff --git a/v3.3/modsecurity.d/modsecurity.conf b/v3.3/modsecurity.d/modsecurity.conf
index c46683d..6660d17 100644
--- a/v3.3/modsecurity.d/modsecurity.conf
+++ b/v3.3/modsecurity.d/modsecurity.conf
@@ -16,9 +16,9 @@ SecTmpSaveUploadedFiles on
 SecDebugLog ${MODSEC_DEBUG_LOG}
 SecDebugLogLevel ${MODSEC_DEBUG_LOGLEVEL}
-SecAuditEngine RelevantOnly
-SecAuditLogRelevantStatus "^(?:5|4(?!04))"
-SecAuditLogParts ABEFHIJZ
+SecAuditEngine ${MODSEC_AUDIT_ENGINE}
+SecAuditLogRelevantStatus ${MODSEC_AUDIT_LOG_RELEVANT_STATUS}
+SecAuditLogParts ${MODSEC_AUDIT_LOG_PARTS}
 SecAuditLogType ${MODSEC_AUDIT_LOG_TYPE}
 SecAuditLogFormat ${MODSEC_AUDIT_LOG_FORMAT}
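Review bot: The three new variables in the ENV block come with no description of their accepted values, and the diffstat lists only the Dockerfile and modsecurity.conf, so they appear to be undocumented in this commit. `MODSEC_AUDIT_ENGINE` now lets a deployment switch audit logging off entirely, and `MODSEC_AUDIT_LOG_PARTS` decides whether request and response bodies are written to `/dev/stdout`, where container log collectors usually pick them up. I would add comments above the ENV instruction such as `# MODSEC_AUDIT_ENGINE: On | Off | RelevantOnly; Off disables the audit log` and `# MODSEC_AUDIT_LOG_PARTS: body parts (C, E, I) put payload data into the log stream`. The ENV instruction starts above this hunk and continues below it.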
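Review bot: `SecAuditLogRelevantStatus ${MODSEC_AUDIT_LOG_RELEVANT_STATUS}` drops the double quotes that the removed literal had, so the directive now relies on the substituted value containing no whitespace or quote characters. The default regex happens to be safe, but an operator-supplied pattern containing a space would presumably be split into several arguments and either stop the server from starting or be parsed differently from what was intended. Keep the quoting on the new line: `SecAuditLogRelevantStatus "${MODSEC_AUDIT_LOG_RELEVANT_STATUS}"`. The engine and parts values are single tokens, so the concern is weaker there.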