Merge pull request #38 from GunGonGamLee/36-feat-nginx-방화벽-재도입-owasp-…

…crs-재설정 feat: nginx crs 재구성, 방화벽 재구성
GunGonGamLee · Jan 12, 2024 · 6c15ad2 · 6c15ad2
2 parents 2d64104 + 92435e1
commit 6c15ad2
Show file tree

Hide file tree

Showing 551 changed files with 110,123 additions and 20 deletions.
diff --git a/nginx/config/modsecurity.conf b/nginx/config/modsecurity.conf
@@ -0,0 +1,16 @@
+# /etc/nginx/modsecurity/modsecurity.conf
+Include /etc/nginx/modsecurity/owasp-crs/crs-setup.conf
+Include /etc/nginx/modsecurity/owasp-crs/rules/*.conf
+
+SecRuleEngine DetectionOnly
+SecRequestBodyAccess On
+SecResponseBodyAccess On
+SecResponseBodyMimeType text/plain text/html text/xml
+SecDataDir /var/cache/modsecurity
+SecTmpDir /tmp
+SecAuditLogType Serial
+SecAuditLog /var/log/nginx/modsec_audit.log
+SecDebugLog /var/log/nginx/modsec_debug.log
+SecDebugLogLevel 9
+SecDefaultAction "phase:1,log,auditlog,pass"
+SecDefaultAction "phase:2,log,auditlog,pass"
diff --git a/nginx/config/nginx.conf b/nginx/config/nginx.conf
@@ -13,8 +13,8 @@ http {
     default_type  application/octet-stream;
 
     # Modsecurity 설정 추가
-    modsecurity on;
-    modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
+    # modsecurity on;
+    # modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
 
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -65,19 +65,19 @@ http {
         }
     }
 
-    server {
-        listen 8200;
+    # server {
+    #     listen 8200;
 
-        location / {
-            proxy_pass http://hashicorp_vault:8200;
-            proxy_http_version 1.1;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header X-Forwarded-Host $server_name;
-            proxy_set_header X-Forwarded-Proto https;
-       }
-    }
+    #     # location / {
+    #         proxy_pass http://hashicorp_vault:8200;
+    #         proxy_http_version 1.1;
+    #         proxy_set_header Host $host;
+    #         proxy_set_header X-Real-IP $remote_addr;
+    #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #         proxy_set_header X-Forwarded-Host $server_name;
+    #         proxy_set_header X-Forwarded-Proto https;
+    #    }
+    # }
 
     # HTTPS 서버 설정
     server {
@@ -87,8 +87,8 @@ http {
         ssl_certificate_key /etc/nginx/certs/server.key;
         ssl_protocols TLSv1.1 TLSv1.2;
 
-        # modsecurity on;
-        # modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
+        modsecurity on;
+        modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
 
         location / {
             proxy_pass http://django_node_app:8000; # Django 앱을 HTTPS로 리디렉션
@@ -99,9 +99,9 @@ http {
             proxy_cache_bypass $http_upgrade;
         }
 
-        location /vault {
-            proxy_pass http://hashicorp_vault:8200; # vault 앱을 HTTPS로 리디렉션
-            proxy_set_header Host $host;
-        }
+        # location /vault {
+            # proxy_pass http://hashicorp_vault:8200; # vault 앱을 HTTPS로 리디렉션
+            # proxy_set_header Host $host;
+        # }
     }
 }
diff --git a/nginx/config/owasp-crs/CHANGES.md b/nginx/config/owasp-crs/CHANGES.md
diff --git a/nginx/config/owasp-crs/CONTRIBUTING.md b/nginx/config/owasp-crs/CONTRIBUTING.md
diff --git a/nginx/config/owasp-crs/CONTRIBUTORS.md b/nginx/config/owasp-crs/CONTRIBUTORS.md
@@ -0,0 +1,143 @@
+# Contributors
+
+## Project Co-Leads:
+
+- [Christian Folini](https://github.com/dune73)
+- [Walter Hop](https://github.com/lifeforms)
+- [Felipe Zipitría](https://github.com/fzipi)
+
+## Developers:
+
+- [Paul Beckett](https://github.com/53cur3M3)
+- [Franziska Bühler](https://github.com/franbuehler)
+- [Christoph Hansen](https://github.com/emphazer)
+- [Ervin Hegedus](https://github.com/airween)
+- [Andrew Howe](https://github.com/RedXanadu)
+- [Karel Knibbe](https://github.com/karelorigin)
+- [Max Leske](https://github.com/theseion)
+- [Andrea Menin](https://github.com/theMiddleBlue)
+- [Matteo Pace](https://github.com/M4tteoP)
+- [Jitendra Patro](https://github.com/Xhoenix)
+- [Chaim Sanders](https://github.com/csanders-git)
+- [Federico G. Schwindt](https://github.com/fgsch)
+- [Manuel Leos Rivas](https://github.com/spartantri)
+- [Simon Studer](https://github.com/studersi)
+- [Jozef Sudolský](https://github.com/azurit)
+
+## Contributors:
+
+- [agusmu](https://github.com/agusmu)
+- [Amir Hosein Aliakbarian](https://github.com/AmirHoseinAliakbarian)
+- [Zack Allen](https://github.com/zmallen)
+- [azhao155](https://github.com/azhao155)
+- [Matt Bagley](https://github.com/bagley)
+- [Ryan Barnett](https://github.com/rcbarnett)
+- [Soufiane Benali](https://github.com/soufianebenali)
+- [Peter Bittner](https://github.com/bittner)
+- [Allan Boll](https://github.com/allanbomsft)
+- [Jeremy Brown](https://github.com/jwbrown77)
+- [Esad Cetiner](https://github.com/esadcetiner/)
+- [Brent Clark](https://github.com/brentclark)
+- [Jonathan Claudius](https://github.com/claudijd)
+- [coolt](https://github.com/coolt)
+- [Hussein Daher](https://github.com/hussein98d)
+- [Abu Dawud](https://github.com/abudawud)
+- [Ashish Dixit](https://github.com/tundal45)
+- [Mirko Dziadzka](https://github.com/mirkodziadzka-avi)
+- [Padraig Doran](https://github.com/padraigdoran)
+- [Dan Ehrlich](https://github.com/danehrlich1)
+- [İlteriş Eroğlu](https://github.com/linuxgemini)
+- [Umar Farook](https://github.com/umarfarook882)
+- [flo405](https://github.com/flo405)
+- [Fregf](https://github.com/Fregf)
+- [FrozenSolid](https://github.com/frozenSolid)
+- [Pásztor Gábor](https://github.com/gpasztor87)
+- [Jan Gora](https://github.com/terjanq)
+- [Aaron Haaf](https://github.com/Everspace)
+- [Michael Haas](https://github.com/MichaelHaas)
+- [henkworks](https://github.com/henkworks)
+- [Tim Herren](https://github.com/nerrehmit)
+- [Victor Hora](https://github.com/victorhora)
+- [itsTheFae](https://github.com/itsTheFae)
+- [jamuse](https://github.com/jamuse)
+- [jeremyjpj0916](https://github.com/jeremyjpj0916)
+- [jschleus](https://github.com/jschleus)
+- [k4n5ha0](https://github.com/k4n5ha0)
+- [kam821](https://github.com/kam821)
+- [Katherine](https://github.com/katef)
+- [kyzentun](https://github.com/kyzentun)
+- [Joost de Keijzer](https://github.com/joostdekeijzer)
+- [Krzysztof Kotowicz](https://github.com/koto)
+- [Evgeny Marmalstein](https://github.com/shimshon70)
+- [meetug](https://github.com/meetug)
+- [Christian Mehlmauer](https://github.com/FireFart)
+- [Pinaki Mondal](https://github.com/0xinfection)
+- [Glyn Mooney](https://github.com/skidoosh)
+- [na1ex](https://github.com/na1ex)
+- [Jose Nazario](https://github.com/paralax)
+- [Scott O'Neil](https://github.com/cPanelScott)
+- [NiceYouKnow](https://github.com/NiceYouKnow)
+- [nobletrout](https://github.com/nobletrout)
+- [Fernando Outeda](https://github.com/fog94)
+- [NullIsNot0](https://github.com/NullIsNot0)
+- [Robert Paprocki](https://github.com/p0pr0ck5)
+- [Christian Peron](https://github.com/csjperon)
+- [Elia Pinto](https://github.com/yersinia)
+- [pyllyukko](https://github.com/pyllyukko)
+- [Brian Rectanus](https://github.com/b1v1r)
+- [Vandan Rohatgi](https://github.com/vandanrohatgi)
+- [Rufus125](https://github.com/Rufus125)
+- Ofer Shezaf
+- [Takaya Saeki](https://github.com/nullpo-head)
+- Breno Silva
+- [Deepshikha Sinha](https://github.com/deepshikha-s)
+- siric\_
+- Emile-Hugo Spir
+- [somechris](https://github.com/somechris)
+- [Marc Stern](https://github.com/marcstern)
+- [supplient](https://github.com/supplient)
+- [Mike Taylor](https://github.com/miketaylr)
+- [ThanhPT](https://github.com/nevol1708)
+- [Timo](https://github.com/ntimo)
+- [Juan-Pablo Tosso](https://github.com/jptosso)
+- [vijayasija99](https://github.com/vijayasija99)
+- [Ben Williams](https://github.com/benwilliams)
+- [Anna Winkler](https://github.com/annawinkler)
+- [Avery Wong](https://github.com/4v3r9)
+- [Will Woodson](https://github.com/wjwoodson)
+- [Greg Wroblewski](https://github.com/gwroblew)
+- [XeroChen](https://github.com/XeroChen)
+- [ygrek](https://github.com/ygrek)
+- [Yu Yagihashi](https://github.com/yagihash)
+- [Felipe "Zimmerle" Costa](https://github.com/zimmerle)
+- [Zino](https://github.com/zinoe)
+- Josh Zlatin
+- [Zou Guangxian](https://github.com/zouguangxian)
+- [4ft35t](https://github.com/4ft35t)
+- [Andy Clapson](https://github.com/Homesteady)
+- [Anuraag Agrawal](https://github.com/anuraaga)
+- [Christian Aistleitner](https://github.com/somechris)
+- [Dennis Brown](https://github.com/MutableLoss)
+- [Dexter Chang](https://github.com/dextermallo)
+- [Esa Jokinen](https://github.com/oh2fih)
+- [Finn Westendorf](https://github.com/wfinn)
+- [Gwendal Le Coguic](https://github.com/gwen001)
+- [Jean-François Viguier](https://github.com/jf-viguier)
+- [Juan Pablo Tosso](https://github.com/jptosso)
+- [Karel](https://github.com/karelorigin)
+- [Khiem Doan](https://github.com/khiemdoan)
+- [Mark Zeman](https://github.com/KramNamez)
+- [Priyam Patel](https://github.com/priyam001)
+- [Robert DeBoer](https://github.com/robertdeboer)
+- [Somdev Sangwan](https://github.com/s0md3v)
+- [Stephen Sigwart](https://github.com/ssigwart)
+- [Zerorigin](https://github.com/Zerorigin)
+- [Syin Wu](https://github.com/bxlxx)
+- [henkdswiss](https://github.com/henkworks)
+- [ignatiev](https://github.com/ignatiev)
+- [oct0pus7](https://github.com/oct0pus7)
+- [Timo](https://github.com/ntimo)
+- [rekter0](https://github.com/rekter0)
+- [ThanhPT](https://github.com/thanhpt1708)
+- [Vandan Rohatgi](https://github.com/vandanrohatgi)
+- [NiceYouKnow](https://github.com/NiceYouKnow)