Put rules back in the correct order
This commit is contained in:
Karl Stoney
parent
04330c0c70
commit
fc7b6059e1
1 changed files with 30 additions and 5 deletions
|
|
@ -215,11 +215,36 @@ cd modsecurity
|
||||||
curl -sSL -o modsecurity.conf https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/dev/performance/modsecurity.conf-recommended
|
curl -sSL -o modsecurity.conf https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/dev/performance/modsecurity.conf-recommended
|
||||||
|
|
||||||
# OWASP CRS v3 rules
|
# OWASP CRS v3 rules
|
||||||
MODSEC_DIR=/etc/nginx/owasp-modsecurity-crs
|
echo "
|
||||||
MODSEC_CONF=$MODSEC_DIR/nginx-modsecurity.conf
|
Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf
|
||||||
echo "Include /etc/nginx/owasp-modsecurity-crs/crs-setup.conf" > $MODSEC_CONF
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
|
||||||
ls $MODSEC_DIR/rules/REQUEST-* | xargs -n 1 echo "Include" >> $MODSEC_CONF
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
|
||||||
ls $MODSEC_DIR/rules/RESPONSE-* | xargs -n 1 echo "Include" >> $MODSEC_CONF
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-950-DATA-LEAKAGES.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-959-BLOCKING-EVALUATION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf
|
||||||
|
Include /etc/nginx/owasp-modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
|
||||||
|
" > /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
|
||||||
|
|
||||||
# build nginx
|
# build nginx
|
||||||
cd "$BUILD_PATH/nginx-$NGINX_VERSION"
|
cd "$BUILD_PATH/nginx-$NGINX_VERSION"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue