feat: reconfigure nginx CRS, reconfigure firewall #38

Merged
16 changes: 16 additions & 0 deletions nginx/config/modsecurity.conf
@@ -0,0 +1,16 @@
# /etc/nginx/modsecurity/modsecurity.conf
Include /etc/nginx/modsecurity/owasp-crs/crs-setup.conf
Include /etc/nginx/modsecurity/owasp-crs/rules/*.conf

SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecDataDir /var/cache/modsecurity
SecTmpDir /tmp
SecAuditLogType Serial
SecAuditLog /var/log/nginx/modsec_audit.log
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 9
SecDefaultAction "phase:1,log,auditlog,pass"
SecDefaultAction "phase:2,log,auditlog,pass"
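Review bot: `SecDebugLogLevel 9` combined with `SecRequestBodyAccess On` and `SecResponseBodyAccess On` writes full request and response detail to /var/log/nginx/modsec_debug.log, which for the proxied application can include credentials and session data and will grow quickly. Level 9 is for troubleshooting; set it to 0 (or at most 3) for normal operation and restrict permissions on both log files. `SecRuleEngine DetectionOnly` plus the two `pass` default actions mean the CRS only logs and never blocks, so the PR should say whether this is a deliberate tuning phase and track the switch to `On`. `SecTmpDir /tmp` points at a world-writable directory; a dedicated directory owned by the nginx user is safer.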
40 changes: 20 additions & 20 deletions nginx/config/nginx.conf
Expand Up @@ -13,8 +13,8 @@ http {
default_type application/octet-stream;

# Modsecurity 설정 추가
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
# modsecurity on;
# modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;


log_format main '$remote_addr - $remote_user [$time_local] "$request" '
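Review bot: with `modsecurity on;` commented out at the http level, only server blocks that enable it themselves are inspected. This PR enables it in the HTTPS server block alone, so any other listener defined in this file passes traffic without CRS evaluation; confirm that is intended (for example, that the other server only redirects to HTTPS). Delete the two directives instead of leaving them commented out, since version control already keeps the history.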
Expand Down Expand Up @@ -65,19 +65,19 @@ http {
}
}

server {
listen 8200;
# server {
# listen 8200;

location / {
proxy_pass http://hashicorp_vault:8200;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
}
}
# # location / {
# proxy_pass http://hashicorp_vault:8200;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $server_name;
# proxy_set_header X-Forwarded-Proto https;
# }
# }

# HTTPS 서버 설정
server {
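Review bot: the 8200 server block is commented out rather than removed, and the `# # location / {` line is double-commented, which leaves an inconsistent dead block in the config; delete it outright. Dropping the listener is sound in itself: as written, `listen 8200;` had no `ssl` parameter yet the block sent `X-Forwarded-Proto https` upstream, so Vault was told the client connection was TLS when this listener did not provide it.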
Expand All @@ -87,8 +87,8 @@ http {
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_protocols TLSv1.1 TLSv1.2;

# modsecurity on;
# modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/modsecurity.conf;

location / {
proxy_pass http://django_node_app:8000; # Django 앱을 HTTPS로 리디렉션
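Review bot: the context line `ssl_protocols TLSv1.1 TLSv1.2;` in the server block this hunk modifies still offers TLS 1.1, which RFC 8996 deprecates, and omits TLS 1.3. Since the PR is hardening this block, change it to `ssl_protocols TLSv1.2 TLSv1.3;`. For the directives being enabled, note that the rules file in this PR sets `SecRuleEngine DetectionOnly`, so turning ModSecurity on here adds logging but no blocking.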
Expand All @@ -99,9 +99,9 @@ http {
proxy_cache_bypass $http_upgrade;
}

location /vault {
proxy_pass http://hashicorp_vault:8200; # vault 앱을 HTTPS로 리디렉션
proxy_set_header Host $host;
}
# location /vault {
# proxy_pass http://hashicorp_vault:8200; # vault 앱을 HTTPS로 리디렉션
# proxy_set_header Host $host;
# }
}
}
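Review bot: the `/vault` location is commented out instead of deleted; remove the four lines so the config does not carry dead routes. With this and the 8200 listener gone, nginx no longer proxies to hashicorp_vault at all, so the PR description should state how Vault is reached now and confirm that port 8200 is not published directly from the container, otherwise Vault traffic bypasses both the WAF and TLS termination.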
1,901 changes: 1,901 additions & 0 deletions nginx/config/owasp-crs/CHANGES.md

Large diffs are not rendered by default.

469 changes: 469 additions & 0 deletions nginx/config/owasp-crs/CONTRIBUTING.md

Large diffs are not rendered by default.

143 changes: 143 additions & 0 deletions nginx/config/owasp-crs/CONTRIBUTORS.md
@@ -0,0 +1,143 @@
# Contributors

## Project Co-Leads:

- [Christian Folini](https://github.com/dune73)
- [Walter Hop](https://github.com/lifeforms)
- [Felipe Zipitría](https://github.com/fzipi)

## Developers:

- [Paul Beckett](https://github.com/53cur3M3)
- [Franziska Bühler](https://github.com/franbuehler)
- [Christoph Hansen](https://github.com/emphazer)
- [Ervin Hegedus](https://github.com/airween)
- [Andrew Howe](https://github.com/RedXanadu)
- [Karel Knibbe](https://github.com/karelorigin)
- [Max Leske](https://github.com/theseion)
- [Andrea Menin](https://github.com/theMiddleBlue)
- [Matteo Pace](https://github.com/M4tteoP)
- [Jitendra Patro](https://github.com/Xhoenix)
- [Chaim Sanders](https://github.com/csanders-git)
- [Federico G. Schwindt](https://github.com/fgsch)
- [Manuel Leos Rivas](https://github.com/spartantri)
- [Simon Studer](https://github.com/studersi)
- [Jozef Sudolský](https://github.com/azurit)

## Contributors:

- [agusmu](https://github.com/agusmu)
- [Amir Hosein Aliakbarian](https://github.com/AmirHoseinAliakbarian)
- [Zack Allen](https://github.com/zmallen)
- [azhao155](https://github.com/azhao155)
- [Matt Bagley](https://github.com/bagley)
- [Ryan Barnett](https://github.com/rcbarnett)
- [Soufiane Benali](https://github.com/soufianebenali)
- [Peter Bittner](https://github.com/bittner)
- [Allan Boll](https://github.com/allanbomsft)
- [Jeremy Brown](https://github.com/jwbrown77)
- [Esad Cetiner](https://github.com/esadcetiner/)
- [Brent Clark](https://github.com/brentclark)
- [Jonathan Claudius](https://github.com/claudijd)
- [coolt](https://github.com/coolt)
- [Hussein Daher](https://github.com/hussein98d)
- [Abu Dawud](https://github.com/abudawud)
- [Ashish Dixit](https://github.com/tundal45)
- [Mirko Dziadzka](https://github.com/mirkodziadzka-avi)
- [Padraig Doran](https://github.com/padraigdoran)
- [Dan Ehrlich](https://github.com/danehrlich1)
- [İlteriş Eroğlu](https://github.com/linuxgemini)
- [Umar Farook](https://github.com/umarfarook882)
- [flo405](https://github.com/flo405)
- [Fregf](https://github.com/Fregf)
- [FrozenSolid](https://github.com/frozenSolid)
- [Pásztor Gábor](https://github.com/gpasztor87)
- [Jan Gora](https://github.com/terjanq)
- [Aaron Haaf](https://github.com/Everspace)
- [Michael Haas](https://github.com/MichaelHaas)
- [henkworks](https://github.com/henkworks)
- [Tim Herren](https://github.com/nerrehmit)
- [Victor Hora](https://github.com/victorhora)
- [itsTheFae](https://github.com/itsTheFae)
- [jamuse](https://github.com/jamuse)
- [jeremyjpj0916](https://github.com/jeremyjpj0916)
- [jschleus](https://github.com/jschleus)
- [k4n5ha0](https://github.com/k4n5ha0)
- [kam821](https://github.com/kam821)
- [Katherine](https://github.com/katef)
- [kyzentun](https://github.com/kyzentun)
- [Joost de Keijzer](https://github.com/joostdekeijzer)
- [Krzysztof Kotowicz](https://github.com/koto)
- [Evgeny Marmalstein](https://github.com/shimshon70)
- [meetug](https://github.com/meetug)
- [Christian Mehlmauer](https://github.com/FireFart)
- [Pinaki Mondal](https://github.com/0xinfection)
- [Glyn Mooney](https://github.com/skidoosh)
- [na1ex](https://github.com/na1ex)
- [Jose Nazario](https://github.com/paralax)
- [Scott O'Neil](https://github.com/cPanelScott)
- [NiceYouKnow](https://github.com/NiceYouKnow)
- [nobletrout](https://github.com/nobletrout)
- [Fernando Outeda](https://github.com/fog94)
- [NullIsNot0](https://github.com/NullIsNot0)
- [Robert Paprocki](https://github.com/p0pr0ck5)
- [Christian Peron](https://github.com/csjperon)
- [Elia Pinto](https://github.com/yersinia)
- [pyllyukko](https://github.com/pyllyukko)
- [Brian Rectanus](https://github.com/b1v1r)
- [Vandan Rohatgi](https://github.com/vandanrohatgi)
- [Rufus125](https://github.com/Rufus125)
- Ofer Shezaf
- [Takaya Saeki](https://github.com/nullpo-head)
- Breno Silva
- [Deepshikha Sinha](https://github.com/deepshikha-s)
- siric\_
- Emile-Hugo Spir
- [somechris](https://github.com/somechris)
- [Marc Stern](https://github.com/marcstern)
- [supplient](https://github.com/supplient)
- [Mike Taylor](https://github.com/miketaylr)
- [ThanhPT](https://github.com/nevol1708)
- [Timo](https://github.com/ntimo)
- [Juan-Pablo Tosso](https://github.com/jptosso)
- [vijayasija99](https://github.com/vijayasija99)
- [Ben Williams](https://github.com/benwilliams)
- [Anna Winkler](https://github.com/annawinkler)
- [Avery Wong](https://github.com/4v3r9)
- [Will Woodson](https://github.com/wjwoodson)
- [Greg Wroblewski](https://github.com/gwroblew)
- [XeroChen](https://github.com/XeroChen)
- [ygrek](https://github.com/ygrek)
- [Yu Yagihashi](https://github.com/yagihash)
- [Felipe "Zimmerle" Costa](https://github.com/zimmerle)
- [Zino](https://github.com/zinoe)
- Josh Zlatin
- [Zou Guangxian](https://github.com/zouguangxian)
- [4ft35t](https://github.com/4ft35t)
- [Andy Clapson](https://github.com/Homesteady)
- [Anuraag Agrawal](https://github.com/anuraaga)
- [Christian Aistleitner](https://github.com/somechris)
- [Dennis Brown](https://github.com/MutableLoss)
- [Dexter Chang](https://github.com/dextermallo)
- [Esa Jokinen](https://github.com/oh2fih)
- [Finn Westendorf](https://github.com/wfinn)
- [Gwendal Le Coguic](https://github.com/gwen001)
- [Jean-François Viguier](https://github.com/jf-viguier)
- [Juan Pablo Tosso](https://github.com/jptosso)
- [Karel](https://github.com/karelorigin)
- [Khiem Doan](https://github.com/khiemdoan)
- [Mark Zeman](https://github.com/KramNamez)
- [Priyam Patel](https://github.com/priyam001)
- [Robert DeBoer](https://github.com/robertdeboer)
- [Somdev Sangwan](https://github.com/s0md3v)
- [Stephen Sigwart](https://github.com/ssigwart)
- [Zerorigin](https://github.com/Zerorigin)
- [Syin Wu](https://github.com/bxlxx)
- [henkdswiss](https://github.com/henkworks)
- [ignatiev](https://github.com/ignatiev)
- [oct0pus7](https://github.com/oct0pus7)
- [Timo](https://github.com/ntimo)
- [rekter0](https://github.com/rekter0)
- [ThanhPT](https://github.com/thanhpt1708)
- [Vandan Rohatgi](https://github.com/vandanrohatgi)
- [NiceYouKnow](https://github.com/NiceYouKnow)
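Review bot: this copies the upstream OWASP CRS tree, including CHANGES.md (1,901 lines), CONTRIBUTING.md and CONTRIBUTORS.md, into nginx/config/owasp-crs with no record of which release it is. Vendored rule sets drift and are hard to audit for local modification; prefer fetching a pinned CRS release at image build time (or a git submodule at a tagged commit) and verifying it, and at minimum record the CRS version in the PR and leave the documentation files out.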