✨ Add ability to customize WAF ruleset configuration
Decision record
We need to be able to customize the WAF ruleset configuration for a specific Docker instance at runtime.
To do so, we add a few environment variables:
-
EC_RPS_WAF_USE_CRS
:- if true (the default), the behavior will be the same as before: we include only the CoreRuleSet included in the Docker image
- if false, we check for the following environment variables:
-
EC_RPS_WAF_USE_CRS_*
: include a specific.conf
file from the CoreRuleSet -
EC_RPS_WAF_USE_CUSTOM_*
: include a specific.conf
file from our custom ruleset -
EC_RPS_WAF_USE_RULE_*
: the value of this variable is a ModSecurity directive (ie:SecRule ...
)
-
Changes
-
✨ Configure WAF ruleset via environment variables at startup -
🔧 🚧 Add (empty) custom ruleset for Docker Registry -
🔖 v0.18.0