Can't get docker image owasp/modsecurity-crs:apache reverse proxy to work

RAGI

11/27/22, 1:48 PM

I have an endpoint https://my-portal.nl and I wan't to place a WAF with the OWASP Core rule set before it. So I found a Docker image(owasp/modsecurity-crs:apache) that can proxy all the requests to my endpoint (https://my-portal.nl). For some reason I can't get it to work. When I browse for https://localhost I'm getting a

"Forbidden You don't have permission to access this resource." response from the server.

This is the command I executed:

docker run -dti \
  --name apachecrs \
  --env PARANOIA=1 \
  --env ANOMALYIN=5 \
  --env ANOMALYOUT=5 \
  --env ALLOWED_METHODS="GET POST HEAD" \
  --env MAX_FILE_SIZE=5242880 \
  --env RESTRICTED_EXTENSIONS=".conf/" \
  --env PROXY=1 \
  --env PORT=8443 \
  --publish 443:443 \
  --env BACKEND=https://my-portal.nl:8443 \
  owasp/modsecurity-crs:apache

What am I doing wrong?

ANSWERED: There was no issue. The above example is correct. When a rule is active. The proxy returns a:

"Forbidden You don't have permission to access this resource." response from the server.

263

0 + 4

mod-security

docker

A. Darwin

11/27/22, 7:49 PM

Not too familiar with this OWASP Docker image, but what do logs say?

RAGI

11/28/22, 11:32 AM

Not very much. There are no errors displayed in the logging.

RAGI

11/29/22, 9:10 AM

I found the problem. There was a port issue. The reason why this message is showing is because I get a `ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"]`

RAGI

11/29/22, 10:25 AM

When you want more information about whats going wrong enable the debug option. `--env LOGLEVEL=debug`

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can't get docker image owasp/modsecurity-crs:apache reverse proxy to work

TH: ไม่สามารถรับ docker image owasp/modsecurity-crs:apache reverse proxy ให้ทำงานได้

RO: Nu se poate face ca imaginea docker owasp/modsecurity-crs:apache reverse proxy să funcționeze

RU: Не удается заставить работать образ докера owasp/modsecurity-crs:обратный прокси-сервер apache

VI: Không thể để hình ảnh docker owasp/modsecurity-crs: proxy ngược apache hoạt động

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.