Code development platform for open source projects from the European Union institutions

Add ability to customize WAF ruleset configuration

David Jose DELASSUSrequested to merge
custom-waf-rules into main

Decision record

We need to be able to customize the WAF ruleset configuration for a specific Docker instance at runtime.

To do so, we add a few environment variables:

  • EC_RPS_WAF_USE_CRS:
    • if true (the default), the behavior will be the same as before: we include only the CoreRuleSet included in the Docker image
    • if false, we check for the following environment variables:
      • EC_RPS_WAF_USE_CRS_*: include a specific .conf file from the CoreRuleSet
      • EC_RPS_WAF_USE_CUSTOM_*: include a specific .conf file from our custom ruleset
      • EC_RPS_WAF_USE_RULE_*: the value of this variable is a ModSecurity directive (ie: SecRule ...)

Changes

  • Configure WAF ruleset via environment variables at startup
  • 🔧 🚧 Add (empty) custom ruleset for Docker Registry
  • 🔖 v0.18.0

Merge request reports

For further information about the platform and support, please see https://code.europa.eu/info/about