Based on the official coreruleset/modsecurity-crs-docker image.
- Contains the necessary tweaks to run on OpenShift
- Sets opinionated default configurations
- Includeds the ClamAV anti-virus scanner client
The latest image can be pulled from
ghcr.io/vshn/modsecurity-docker:latest
Our tags track upstream CRS versions. See ghcr.io/vshn/modsecurity-docker for a list of historic tags.
A very basic Docker Compose setup including this container with httpbin as the backend. To start it, run:
docker compose upOnce the containers are running, you can make requests to it:
curl -i http://localhost:8080/anything
curl -i -H 'Host: vshn.ch' http://localhost:8080/anything
curl -i http://localhost:8080/cookies/set/secret/random-valueFor all supported endpoints, visit localhost:8080.
To publish a new release, simply create & push a new Git Tag.
NOTE: Tags should follow the included CRS version. Use the build number to signify changes to the images with the same CRS number, e.g. v4.3.0-0 -> v4.3.0-1.
One-Liner to create a Tag:
tag="v$(grep '^FROM ' Dockerfile| cut -d':' -f2 | cut -d'-' -f1)-0"; git tag -s "$tag" -m "$tag"Don't forget to git push --tags afterwards!
Most aspects can be configured using environment variables. For a full list of supported environment variables, see the upstream documentation. We use the Apache Alpine image.
HEALTHZ_CIDRS- CIDR from which requests to the/healthzendpoint should be whitelisted. This should usually be set to your Kubernetes host subnet range. Multiple CIDR ranges can be specified. Example:1.2.3.4/24,5.6.7.8/24
This project itself is licensed under BSD 3-Clause, see LICENSE.
This project includes code from the OWASP CRS Docker Image project (Thank you!). See Apache-2.0.txt.
This project includes code from the ClamAV project (Thank you!). See GPLv2.txt.