services: modsec2-apache: container_name: modsec2-apache image: owasp/modsecurity-crs:apache # NOTE: The user used to run the container process is explicitly set to # 'root'. This fixes issues with permissions on the logging directories used # as bind mounts. This is done as *a convenience for running the CRS testing # setup only* and *should not be done in general!* user: root environment: ACCESSLOG: "/var/log/apache2/access.log" BACKEND: http://backend COMBINED_FILE_SIZES: "65535" CRS_ENABLE_TEST_MARKER: 1 ERRORLOG: "/var/log/apache2/error.log" MODSEC_AUDIT_LOG: "/var/log/apache2/modsec_audit.log" MODSEC_AUDIT_LOG_FORMAT: Native MODSEC_AUDIT_LOG_TYPE: Serial MODSEC_RESP_BODY_ACCESS: "On" MODSEC_RESP_BODY_MIMETYPE: "text/plain text/html text/xml application/json" MODSEC_RULE_ENGINE: DetectionOnly MODSEC_TMP_DIR: "/tmp" PARANOIA: 4 PORT: "8080" SERVERNAME: modsec2-apache volumes: - ./logs/modsec2-apache:/var/log/apache2:rw - ../rules:/opt/owasp-crs/rules:ro - ../crs-setup.conf.example:/etc/modsecurity.d/owasp-crs/crs-setup.conf.example entrypoint: ["/bin/sh", "-c", "/bin/cp /etc/modsecurity.d/owasp-crs/crs-setup.conf.example /etc/modsecurity.d/owasp-crs/crs-setup.conf && /docker-entrypoint.sh httpd-foreground"] ports: - "80:8080" depends_on: - backend modsec3-nginx: container_name: modsec3-nginx image: owasp/modsecurity-crs:nginx # NOTE: The user used to run the container process is explicitly set to # 'root'. This fixes issues with permissions on the logging directories used # as bind mounts. This is done as *a convenience for running the CRS testing # setup only* and *should not be done in general!* user: root environment: ACCESSLOG: "/var/log/nginx/access.log" BACKEND: http://backend COMBINED_FILE_SIZES: "65535" CRS_ENABLE_TEST_MARKER: 1 ERRORLOG: "/var/log/nginx/error.log" LOGLEVEL: "info" MODSEC_AUDIT_LOG: "/var/log/nginx/modsec_audit.log" MODSEC_AUDIT_LOG_FORMAT: Native MODSEC_AUDIT_LOG_TYPE: Serial MODSEC_RESP_BODY_ACCESS: "On" MODSEC_RESP_BODY_MIMETYPE: "text/plain text/html text/xml application/json" MODSEC_RULE_ENGINE: DetectionOnly PARANOIA: 4 PORT: "8080" SERVERNAME: modsec3-nginx volumes: - ./logs/modsec3-nginx:/var/log/nginx:rw - ../rules:/opt/owasp-crs/rules:ro - ../crs-setup.conf.example:/etc/modsecurity.d/owasp-crs/crs-setup.conf.example command: ["nginx", "-g", "daemon off;"] ports: - "80:8080" depends_on: - backend # our test originally targeted www.example.com as backend # and that would do real traffic, to a real site # backend: image: docker.io/kennethreitz/httpbin