From 7c6a13c5491836e1e5289db233051912725ad0ca Mon Sep 17 00:00:00 2001 From: bunkerity Date: Mon, 17 May 2021 10:26:35 +0200 Subject: [PATCH] examples - improve nextcloud example so it works with webdav clients --- examples/multisite-custom-server-confs/docker-compose.yml | 3 ++- .../modsec-confs/nc.website.com/nextcloud.conf | 2 +- examples/nextcloud/docker-compose.yml | 3 ++- examples/nextcloud/modsec-confs/nextcloud.conf | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/examples/multisite-custom-server-confs/docker-compose.yml b/examples/multisite-custom-server-confs/docker-compose.yml index 83c60ee..f96b406 100644 --- a/examples/multisite-custom-server-confs/docker-compose.yml +++ b/examples/multisite-custom-server-confs/docker-compose.yml @@ -32,7 +32,8 @@ services: - nc.website.com_LIMIT_REQ_BURST=10 - nc.website.com_ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS - nc.website.com_X_FRAME_OPTIONS=SAMEORIGIN - - nc.website.com_BAD_BEHAVIOR_STATUS_CODES=400|401|403|405|444 + - nc.website.com_BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 444 + - nc.website.com_WHITELIST_USER_AGENT=WebDAV networks: - net1 - net2 diff --git a/examples/multisite-custom-server-confs/modsec-confs/nc.website.com/nextcloud.conf b/examples/multisite-custom-server-confs/modsec-confs/nc.website.com/nextcloud.conf index 87d3748..a518a52 100644 --- a/examples/multisite-custom-server-confs/modsec-confs/nc.website.com/nextcloud.conf +++ b/examples/multisite-custom-server-confs/modsec-confs/nc.website.com/nextcloud.conf @@ -1,2 +1,2 @@ SecRuleRemoveById 921110 -SecRule REQUEST_FILENAME "@contains /remote.php/webdav" "id:1,ctl:ruleRemoveByTag=OWASP_CRS" +SecRule REQUEST_FILENAME "@contains /remote.php/webdav" "id:1,nolog,pass,ctl:ruleRemoveByTag=OWASP_CRS" diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml index 85f10fe..2d4bfdf 100644 --- a/examples/nextcloud/docker-compose.yml +++ b/examples/nextcloud/docker-compose.yml @@ -30,7 +30,8 @@ services: - ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS - X_FRAME_OPTIONS=SAMEORIGIN - USE_GZIP=yes - - BAD_BEHAVIOR_STATUS_CODES=400|401|403|405|444 + - BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 444 + - WHITELIST_USER_AGENT=WebDAV mync: image: nextcloud:21-fpm diff --git a/examples/nextcloud/modsec-confs/nextcloud.conf b/examples/nextcloud/modsec-confs/nextcloud.conf index 87d3748..a518a52 100644 --- a/examples/nextcloud/modsec-confs/nextcloud.conf +++ b/examples/nextcloud/modsec-confs/nextcloud.conf @@ -1,2 +1,2 @@ SecRuleRemoveById 921110 -SecRule REQUEST_FILENAME "@contains /remote.php/webdav" "id:1,ctl:ruleRemoveByTag=OWASP_CRS" +SecRule REQUEST_FILENAME "@contains /remote.php/webdav" "id:1,nolog,pass,ctl:ruleRemoveByTag=OWASP_CRS"