fix CVE-2021-20205 and examples update

bunkerity
2021-04-26 17:00:23 +02:00
parent 1a7abab570
commit a98dae1fb6
34 changed files with 268 additions and 12 deletions


@@ -23,16 +23,16 @@ services:
- USE_CLIENT_CACHE=yes
- REMOTE_PHP=mync
- REMOTE_PHP_PATH=/var/www/html
- LIMIT_REQ_RATE=40r/s
- LIMIT_REQ_BURST=60
- ALLOWED_METHODS=GET|POST|HEAD|PROPFIND|DELETE|PUT|MKCOL|MOVE|COPY|PROPPATCH|REPORT
- LIMIT_REQ_RATE=5r/s
- LIMIT_REQ_BURST=10
- ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
- X_FRAME_OPTIONS=SAMEORIGIN
- USE_GZIP=yes
- USE_BROTLI=yes
- FAIL2BAN_STATUS_CODE=400|401|403|405|444
mync:
image: nextcloud:20-fpm
image: nextcloud:21-fpm
restart: always
volumes:
- ./nc-files:/var/www/html
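Review bot: `REPORT` is no longer in `ALLOWED_METHODS` while `FAIL2BAN_STATUS_CODE` still counts `405`, so a legitimate client that sends a now-rejected method would presumably collect fail2ban strikes and could end up banned. Nextcloud's CalDAV/CardDAV sync uses `REPORT`, so if those clients are in scope, keep it: `- ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS|REPORT`. The same removal appears in `tx.allowed_methods` in the ModSecurity setup file later in this commit, and the two lists need to stay identical or one layer will reject what the other allows. Which lines are old and which are new is inferred from their order and content, since the +/- markers are missing on this page.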


@@ -1 +1,2 @@
SecRuleRemoveById 921110
SecRule REQUEST_FILENAME "@contains /remote.php/webdav" "id:1,ctl:ruleRemoveByTag=OWASP_CRS"
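Review bot: The `SecRule` line (apparently the added one; the +/- markers are lost here) switches off every rule tagged `OWASP_CRS` for any request whose path merely contains `/remote.php/webdav`, so the WebDAV endpoint and any path embedding that substring get no CRS inspection at all. It also sets no phase or disruptive action, so it inherits whatever `SecDefaultAction` specifies and, in the default phase 2, cannot remove rules that already ran in phase 1. Anchor the match and make the actions explicit: `SecRule REQUEST_FILENAME "@beginsWith /remote.php/webdav" "id:1,phase:1,pass,nolog,t:none,ctl:ruleRemoveByTag=OWASP_CRS"`. Better still, replace the blanket tag removal with exclusions for only the rule ids that false-positive on WebDAV traffic. `id:1` is also likely to collide with other local rules, so an id from a range reserved for site-local rules would be safer.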


@@ -12,4 +12,4 @@ SecAction \
nolog,\
pass,\
t:none,\
setvar:'tx.allowed_methods=GET HEAD POST PROPFIND DELETE PUT MKCOL MOVE COPY PROPPATCH REPORT'"
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'"