0

I have an endpoint https://my-portal.nl and I wan't to place a WAF with the OWASP Core rule set before it. So I found a Docker image(owasp/modsecurity-crs:apache) that can proxy all the requests to my endpoint (https://my-portal.nl). For some reason I can't get it to work. When I browse for https://localhost I'm getting a

"Forbidden You don't have permission to access this resource." response from the server.

This is the command I executed:

docker run -dti \
  --name apachecrs \
  --env PARANOIA=1 \
  --env ANOMALYIN=5 \
  --env ANOMALYOUT=5 \
  --env ALLOWED_METHODS="GET POST HEAD" \
  --env MAX_FILE_SIZE=5242880 \
  --env RESTRICTED_EXTENSIONS=".conf/" \
  --env PROXY=1 \
  --env PORT=8443 \
  --publish 443:443 \
  --env BACKEND=https://my-portal.nl:8443 \
  owasp/modsecurity-crs:apache

What am I doing wrong?

ANSWERED: There was no issue. The above example is correct. When a rule is active. The proxy returns a:

"Forbidden You don't have permission to access this resource." response from the server.

RAGI
  • 1
  • 1
  • Not too familiar with this OWASP Docker image, but what do logs say? – A. Darwin Jul 27 '21 at 19:49
  • Not very much. There are no errors displayed in the logging. – RAGI Jul 28 '21 at 11:32
  • I found the problem. There was a port issue. The reason why this message is showing is because I get a `ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"]` – RAGI Jul 29 '21 at 09:10
  • When you want more information about whats going wrong enable the debug option. `--env LOGLEVEL=debug` – RAGI Jul 29 '21 at 10:25

0 Answers0