diff --git a/README-containers.md b/README-containers.md index 807ea26..1575ae6 100644 --- a/README-containers.md +++ b/README-containers.md @@ -1,4 +1,4 @@ -# ModSecurity Core Rule Set Docker Image +# OWASP CRS Docker Image [![dockeri.co](http://dockeri.co/image/owasp/modsecurity-crs)](https://hub.docker.com/r/owasp/modsecurity-crs/) @@ -23,9 +23,9 @@ Stable Tags are composed of: The stable tag format is `-[-]-`. Examples: - * `3-nginx-202401121309` - * `3.3-apache-alpine-202401121309` - * `3.3.5-openresty-alpine-fat-202401121309` + * `4-nginx-202401121309` + * `4.0-apache-alpine-202401121309` + * `4.0.0-openresty-alpine-fat-202401121309` ### Rolling Tags @@ -43,12 +43,12 @@ Examples: ## OS Variants -* nginx – *latest stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable Core Rule Set 3.3.5* +* nginx – *latest stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable OWASP CRS 4.0.0* * [nginx](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile) * [nginx-alpine](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile-alpine) -* Openresty - *last stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable Core Rule Set 3.3.5* +* Openresty - *last stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable OWASP CRS 4.0.0* * [openresty-alpine-fat](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/openresty/Dockerfile-alpine) -* Apache httpd – *last stable ModSecurity v2 on Apache 2.4.58 official stable base image, and latest stable Core Rule Set 3.3.5* +* Apache httpd – *last stable ModSecurity v2 on Apache 2.4.58 official stable base image, and latest stable OWASP CRS 4.0.0* * [apache](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/apache/Dockerfile) * [apache-alpine](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/apache/Dockerfile-alpine) 
diff --git a/README.md b/README.md index 9d9af1c..86794cf 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# ModSecurity Core Rule Set Docker Image +# OWASP CRS Docker Image [![dockeri.co](http://dockeri.co/image/owasp/modsecurity-crs)](https://hub.docker.com/r/owasp/modsecurity-crs/) @@ -7,9 +7,9 @@ ) [![GitHub PRs](https://img.shields.io/github/issues-pr-raw/coreruleset/modsecurity-crs-docker.svg)](https://github.com/coreruleset/modsecurity-crs-docker/pulls ) [![License](https://img.shields.io/github/license/coreruleset/modsecurity-crs-docker.svg)](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/LICENSE) -## What is the Core Rule Set +## What is the OWASP CRS -The Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. +OWASP CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. ## Supported Tags @@ -24,9 +24,9 @@ Stable Tags are composed of: The stable tag format is `-[-]-`. Examples: - * `3-nginx-202401121309` - * `3.3-apache-alpine-202401121309` - * `3.3.5-openresty-alpine-fat-202401121309` + * `4-nginx-202401121309` + * `4.0-apache-alpine-202401121309` + * `4.0.0-openresty-alpine-fat-202401121309` ### Rolling Tags 
@@ -44,12 +44,12 @@ Examples: ## OS Variants -* nginx – *latest stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable Core Rule Set 3.3.5* +* nginx – *latest stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable OWASP CRS 4.0.0* * [nginx](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile) * [nginx-alpine](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/nginx/Dockerfile-alpine) -* Openresty - *last stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable Core Rule Set 3.3.5* +* Openresty - *last stable ModSecurity v3 on Nginx 1.25.3 official stable base image, and latest stable OWASP CRS 4.0.0* * [openresty-alpine-fat](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/openresty/Dockerfile-alpine) -* Apache httpd – *last stable ModSecurity v2 on Apache 2.4.58 official stable base image, and latest stable Core Rule Set 3.3.5* +* Apache httpd – *last stable ModSecurity v2 on Apache 2.4.58 official stable base image, and latest stable OWASP CRS 4.0.0* * [apache](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/apache/Dockerfile) * [apache-alpine](https://github.com/coreruleset/modsecurity-crs-docker/blob/master/apache/Dockerfile-alpine) 
@@ -122,11 +122,11 @@ docker run -p 80:80 -ti -e PARANOIA=4 -v rules:/opt/owasp-crs/rules:ro --rm owas ## Quick reference -* **Where to get help**: the [CRS-Support Docker Repo](https://github.com/coreruleset/modsecurity-crs-docker), the [Core Rule Set Slack Channel](https://owasp.org/slack/invite) (#coreruleset on owasp.slack.com), or [Stack Overflow](https://stackoverflow.com/questions/tagged/mod-security) +* **Where to get help**: the [OWASP CRS container repo](https://github.com/coreruleset/modsecurity-crs-docker), the [OWASP CRS Slack channel](https://owasp.org/slack/invite) (#coreruleset on owasp.slack.com), or [Stack Overflow](https://stackoverflow.com/questions/tagged/mod-security) -* **Where to file issues**: the [Core Rule Set Docker Repo](https://github.com/coreruleset/modsecurity-crs-docker) +* **Where to file issues**: the [OWASP CRS container repo](https://github.com/coreruleset/modsecurity-crs-docker) -* **Maintained By**: The Core Rule Set Project maintainers +* **Maintained By**: The CRS project maintainers ## What is ModSecurity diff --git a/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf index 9881722..378b70d 100644 --- a/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf +++ b/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf @@ -1,4 +1,4 @@ -# https://github.com/coreruleset/coreruleset/blob/v3.4/dev/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example +# https://github.com/coreruleset/coreruleset/blob/v4.0.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example # # "...,ctl:ruleRemoveById=942100" # "...,ctl:ruleRemoveByTag=attack-sqli" diff --git a/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf b/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf index 0c46763..e3e443f 100644 --- a/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf +++ b/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf 
@@ -1,4 +1,4 @@ -# https://github.com/coreruleset/coreruleset/blob/v3.4/dev/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example +# https://github.com/coreruleset/coreruleset/blob/v4.0.0/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example # # Examples: # SecRuleRemoveById 942100 diff --git a/docker-bake.hcl b/docker-bake.hcl index 1061487..ddd8eb7 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -8,7 +8,7 @@ variable "modsec2-version" { } variable "crs-version" { - default = "3.3.5" + default = "4.0.0" } variable "nginx-version" {
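Review bot: In the "OS Variants" hunks of both README-containers.md and README.md, the rewritten lines keep an inconsistency that is worth fixing while they are being touched. The nginx entry says `latest stable ModSecurity v3`, but the Openresty and Apache httpd entries say `last stable ModSecurity`. The Openresty entry also uses a plain hyphen where the other two use an en dash. Suggest "latest stable" and one separator style in all three entries, applied identically to both files so they do not drift apart.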
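Review bot: The renaming in README.md is not applied uniformly. The heading `## What is the OWASP CRS` keeps the article that the sentence below it drops (`OWASP CRS is a set of ...`), and the "Quick reference" hunk ends with `The CRS project maintainers` while the two bullets above it say "OWASP CRS". Suggest settling on one form (for example "What is OWASP CRS" and "The OWASP CRS project maintainers"). Because the image is still referenced as `owasp/modsecurity-crs` in the badge line, one sentence stating that the image name is unchanged would keep readers from looking for a renamed image.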
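Review bot: The docker-bake.hcl hunk moves the `crs-version` default across a major version (`3.3.5` to `4.0.0`), but nothing in the README hunks tells users that their rule exclusions need re-checking. The two exclusion templates only get a new header URL and keep their examples (`ctl:ruleRemoveById=942100`, `ctl:ruleRemoveByTag=attack-sqli`, `SecRuleRemoveById 942100`) unchanged. Please confirm that those IDs and tags are still valid in 4.0.0, and add a short upgrade note to the README asking users who mount their own REQUEST-900 or RESPONSE-999 files to review them against the new rule set. Separately, the header URLs are now pinned to `v4.0.0` while the version itself is a bake variable, so the comments will go stale on the next bump. Either point them at a path that does not embed the version or list these files among the places to update when `crs-version` changes.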