0

I'm deploying franbuehler/modsecurity-crs-rp (https://hub.docker.com/r/franbuehler/modsecurity-crs-rp) in a kubernetes pod in front of a web app from a manifest yaml file. It's prep for a class on this subject I'll be teaching in a couple weeks. No matter how high I set the paranoia level it still seems to just use the default of paranoia_level 1. This is evidenced by the fact that the reports generated by the attacker application (zed attack proxy) are identical no matter which paranoia level I choose. At P4 it should be locked down tight butits showing same vulnerabilities as when I use P1. When executing the same thing locally with Docker, the reports change drastically when paranoia level goes from 1 to 2.

Below is the pertinent snippet from the manifest. It does not err when I do the kubectl apply. And I can verify the other env variables are working as I can access my web app from the www. Audit logs inside the running container seem to indicate no errors regarding paranoia, just reconfirms paranoia level is indeed set to '1' despite me explicitly setting it to '4' in the yaml file.

I've tried several variations on the below including switching to 'paranoia_level', 'EXECUTING_PARANOIA', etc.... to no avail. Is below not the correct way to do this in kubernetes?

    spec:
      containers:
      - name: waf
        image: franbuehler/modsecurity-crs-rp
        ports:
        - name: default
          containerPort: 8001
        env:
        - name: PROXY
          value: "1"
        - name: BACKEND
          value: "http://127.0.0.1:3000/"
        - name: PARANOIA
          value: "4"
tnunu
  • 15
  • 5
  • have you checked that the ENV var is set in your container? Is the env var declared during initialization or after the process has been initialized. My guess would be you star the process with one value attempt to change it but the original running process is not using your updated value. – domdambrogia Nov 10 '20 at 22:06
  • Q: "Is the env var declared during initialization or after the process has been initialized" A: During initialization. The container does have default value built-in, but they are supposed to be "over-rideable" in this manner. The yaml snippet I included should be the kubernetes equivalent of this docker command that works like a charm: `docker run -d -p80:8001 --name waf -e PROXY=1 -e BACKEND=http://172.17.0.1:8000 -e PARANOIA=4 franbuehler/modsecurity-crs-rp' And the other env variables in the yaml snippet DO work as they should... its only the paranoia level that's not working – tnunu Nov 10 '20 at 22:19

1 Answers1

0

See my answer in the issue in the related GitHub repo:

https://github.com/franbuehler/modsecurity-crs-rp/issues/5

There I write that I no longer actively maintain my image and refer to the official CRS Docker image.

franbuehler
  • 435
  • 2
  • 8