Compare commits

..

43 commits

Author SHA1 Message Date
f
d2d9351503
BREAKING CHANGE: deprecate older alpine versions
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2024-11-12 09:52:50 -03:00
f
48737be655
feat: upgrade access_log with new co2 intensity data 2024-11-12 09:52:29 -03:00
f
2d1be6a3b2
feat: modsecurity.conf
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
ci/woodpecker/push/woodpecker/4 Pipeline was successful
2024-11-06 18:00:05 -03:00
f
abc9bfd869
fix: actually set the extra packages
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
ci/woodpecker/push/woodpecker/4 Pipeline was successful
2024-11-05 11:37:26 -03:00
f
f7ec863b05
feat: geoip2 continent code
Some checks failed
ci/woodpecker/push/woodpecker/3 Pipeline is pending
ci/woodpecker/push/woodpecker/4 Pipeline is pending
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline failed
2024-11-05 11:24:16 -03:00
f
a051c85237
feat: store logs
Some checks failed
ci/woodpecker/push/woodpecker/2 Pipeline is pending
ci/woodpecker/push/woodpecker/3 Pipeline is pending
ci/woodpecker/push/woodpecker/4 Pipeline is pending
ci/woodpecker/push/woodpecker/1 Pipeline failed
2024-11-05 11:21:20 -03:00
f
062e13bda0
feat: modsecurity 2024-11-05 11:21:04 -03:00
f
66e10a7635
Merge branch 'antifascista' of ssh://gitea.nulo.in:993/Sutty/containers-skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
ci/woodpecker/push/woodpecker/4 Pipeline was successful
2024-10-29 11:49:04 -03:00
f
0e8b6ac71a
fix: move docker password to plugin config
https://github.com/woodpecker-ci/woodpecker/issues/4140#issuecomment-2369019247
2024-10-23 10:35:32 -03:00
f
fc1a12e592
fix: upgrade alpines 2024-09-14 17:25:35 -03:00
f
000ac53f39
feat: upgrades
https://alpinelinux.org/posts/Alpine-3.17.9-3.18.8-3.19.3-released.html

https://alpinelinux.org/posts/Alpine-3.20.2-released.html
2024-07-23 10:18:44 -03:00
f
aa2641fbcc
Merge branch 'antifascista' of ssh://gitea.nulo.in:993/Sutty/containers-skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
ci/woodpecker/push/woodpecker/4 Pipeline was successful
2024-06-21 13:07:41 -03:00
f
41354bbc95
fix: deprecate MAINTAINER 2024-06-21 12:21:51 -03:00
f
c0e6b8150b
refactor: use matrix so it's easier to merge downstream containers 2024-06-19 10:15:44 -03:00
f
f7da597784
feat: upgrade 2024-06-19 10:14:59 -03:00
f
9e2d56e182
fix: r0
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
ci/woodpecker/push/woodpecker/4 Pipeline was successful
2024-05-31 15:49:41 -03:00
f
758066d768
fix: nginx 1.26.1
Some checks failed
ci/woodpecker/push/woodpecker/4 Pipeline is pending
ci/woodpecker/push/woodpecker/1 Pipeline failed
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline failed
2024-05-31 15:43:20 -03:00
f
d6db26865d
Merge branch 'antifascista' of ssh://gitea.nulo.in:993/Sutty/containers-skel into antifascista
Some checks failed
ci/woodpecker/push/woodpecker/3 Pipeline is pending
ci/woodpecker/push/woodpecker/4 Pipeline is pending
ci/woodpecker/push/woodpecker/1 Pipeline failed
ci/woodpecker/push/woodpecker/2 Pipeline failed
2024-05-23 15:46:42 -03:00
f
b99a8111d8
feat: 3.20 released 2024-05-22 10:20:38 -03:00
f
aa086a76af
BREAKING CHANGE: deprecate 3.16 2024-05-22 10:20:27 -03:00
f
3956f7fa70
fix: missing file again
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
2024-03-21 18:47:41 -03:00
f
7fa87d8e64
feat: upgrade average intensity
Some checks failed
ci/woodpecker/push/woodpecker/1 Pipeline failed
ci/woodpecker/push/woodpecker/2 Pipeline failed
ci/woodpecker/push/woodpecker/3 Pipeline failed
2024-03-21 14:47:56 -03:00
f
399208b01e
feat: naxsi 2024-03-21 11:46:46 -03:00
f
4c1bf069a9
fix: upgrade average intensity data
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
2024-02-21 10:35:44 -03:00
f
b4e5996ee6
fix: upgrade nginx
Some checks are pending
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline is running
ci/woodpecker/push/woodpecker/3 Pipeline was successful
2024-02-19 13:23:47 -03:00
f
59c7ea652c
Merge branch 'antifascista' of ssh://gitea.nulo.in:993/Sutty/containers-skel into antifascista
Some checks failed
ci/woodpecker/push/woodpecker/1 Pipeline failed
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline failed
2024-02-19 13:16:37 -03:00
f
74e4a85bf9
feat: update intensity data 2024-02-13 13:28:30 -03:00
f
2a72840be0
fix: 3.15 eol 2024-02-13 13:22:59 -03:00
f
397dff920a
fix: upgrade alpine 2024-02-13 13:22:45 -03:00
f
68758ba4c0
Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista
All checks were successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
ci/woodpecker/push/woodpecker/3 Pipeline was successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
2023-12-12 15:22:00 -03:00
f
e66b364db7
ci: pipeline is deprecated 2023-12-12 13:36:48 -03:00
f
b921379aa0
feat: alpine 3.19 2023-12-07 10:22:26 -03:00
f
8dd7d4605a
fix: bad commit 2023-12-04 11:06:47 -03:00
f
d11e588f03
feat: alpine upgrades 2023-12-04 11:03:14 -03:00
f
f6ba800908
fix: daemonization 2023-11-23 18:39:10 -03:00
f
53b1edf291
feat: upgrade nginx
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2023-10-17 11:16:37 -03:00
f
ddb5c152b2
refactor: chown during copy 2023-10-17 11:15:24 -03:00
f
22ab55417e
Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-nginx into antifascista 2023-10-02 15:10:23 -03:00
f
630885cdfd
Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista 2023-10-02 15:10:01 -03:00
f
5085c7e8df
feat: alpine 3.18.4 2023-09-28 12:24:44 -03:00
f
1233c89aff fix: use proper namespaces 2023-08-24 11:50:53 -03:00
f9316429c8 Merge pull request 'usar nombres calificados' (#1) from qualified into antifascista
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #1
2023-08-17 15:56:53 +00:00
748edeb81f fix: use fully qualified names for container images
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
improves security and compatibility
2023-08-17 15:43:08 +00:00
8 changed files with 61 additions and 15 deletions

View file

@ -1,4 +1,4 @@
pipeline: steps:
publish: publish:
image: "docker.io/woodpeckerci/plugin-docker-buildx" image: "docker.io/woodpeckerci/plugin-docker-buildx"
settings: settings:
@ -11,15 +11,17 @@ pipeline:
build_args: build_args:
- "ALPINE_VERSION=${ALPINE_VERSION}" - "ALPINE_VERSION=${ALPINE_VERSION}"
- "ACCESS_LOG_VERSION=${ACCESS_LOG_VERSION}" - "ACCESS_LOG_VERSION=${ACCESS_LOG_VERSION}"
- "NGINX_VERSION=${NGINX_VERSION}"
- "BASE_IMAGE=gitea.nulo.in/sutty/monit" - "BASE_IMAGE=gitea.nulo.in/sutty/monit"
secrets: - "EXTRA_PACKAGES=${EXTRA_PACKAGES}"
- "DOCKER_PASSWORD" password:
from_secret: "DOCKER_PASSWORD"
when: when:
branch: "antifascista" branch: "antifascista"
event: "push" event: "push"
matrix: matrix:
ALPINE_VERSION: include:
- "3.18.3" - ALPINE_VERSION: "3.20.3"
- "3.17.5" ACCESS_LOG_VERSION: "0.5.9"
ACCESS_LOG_VERSION: NGINX_VERSION: "1.26.2-r0"
- "0.5.5" EXTRA_PACKAGES: "nginx-mod-http-modsecurity coreruleset"

View file

@ -1,15 +1,17 @@
ARG ALPINE_VERSION=3.18.3 ARG ALPINE_VERSION=3.18.3
ARG BASE_IMAGE=gitea.nulo.in/sutty/monit ARG BASE_IMAGE=gitea.nulo.in/sutty/monit
FROM ${BASE_IMAGE}:${ALPINE_VERSION} FROM ${BASE_IMAGE}:${ALPINE_VERSION}
MAINTAINER "f <f@sutty.nl>" LABEL org.opencontainers.image.authors="f@sutty.nl"
ARG NGINX_VERSION="1.24.0-r7"
ARG ACCESS_LOGS_FLAGS="--database=sqlite3:///var/log/access_log.sqlite3 -c /usr/share/crawler-user-agents/crawler-user-agents.json" ARG ACCESS_LOGS_FLAGS="--database=sqlite3:///var/log/access_log.sqlite3 -c /usr/share/crawler-user-agents/crawler-user-agents.json"
ARG ACCESS_LOG_VERSION="0.5.5" ARG ACCESS_LOG_VERSION="0.5.6"
ARG EXTRA_PACKAGES
ENV ACCESS_LOGS_FLAGS=${ACCESS_LOGS_FLAGS} ENV ACCESS_LOGS_FLAGS=${ACCESS_LOGS_FLAGS}
# Install nginx and remove default config # Install nginx and remove default config
RUN apk add --no-cache nginx daemonize access_log~${ACCESS_LOG_VERSION} nginx-prometheus-exporter geoip2-database-country geoip2-database-city crawler-user-agents \ RUN apk add --no-cache nginx~${NGINX_VERSION} daemonize access_log~${ACCESS_LOG_VERSION} nginx-prometheus-exporter geoip2-database-country geoip2-database-city crawler-user-agents \
&& rm -rf /etc/nginx && rm -rf /etc/nginx
# Add ssl group so nginx has access to certificates # Add ssl group so nginx has access to certificates
@ -19,15 +21,14 @@ RUN addgroup nginx ssl
COPY ./monit.conf /etc/monit.d/nginx.conf COPY ./monit.conf /etc/monit.d/nginx.conf
COPY ./prometheusd.sh /usr/local/bin/prometheusd COPY ./prometheusd.sh /usr/local/bin/prometheusd
COPY ./access_logd.sh /usr/bin/access_logd COPY ./access_logd.sh /usr/bin/access_logd
COPY ./nginx /etc/nginx COPY --chown=nginx:nginx ./nginx /etc/nginx
COPY ./access_log.sqlite3 /var/lib/access_log.sqlite3 COPY ./access_log.sqlite3 /var/lib/access_log.sqlite3
# Install modules after rewriting /etc/nginx # Install modules after rewriting /etc/nginx
RUN apk add --no-cache nginx-mod-http-brotli nginx-mod-http-geoip2 RUN apk add --no-cache nginx-mod-http-brotli nginx-mod-http-geoip2 ${EXTRA_PACKAGES}
# Add support for request_uri parsing if access_log >= 0.3.0 # Add support for request_uri parsing if access_log >= 0.3.0
RUN mv /etc/nginx/access_logd_`access_log -v`.conf /etc/nginx/access_logd.conf RUN mv /etc/nginx/access_logd_`access_log -v`.conf /etc/nginx/access_logd.conf
RUN chown -R nginx:nginx /etc/nginx
RUN nginx -t RUN nginx -t
RUN chown nginx:nginx /var/lib/access_log.sqlite3 RUN chown nginx:nginx /var/lib/access_log.sqlite3
@ -36,6 +37,7 @@ RUN chown nginx:nginx /var/lib/access_log.sqlite3
VOLUME /etc/nginx/sites VOLUME /etc/nginx/sites
VOLUME /etc/letsencrypt VOLUME /etc/letsencrypt
VOLUME /var/lib/letsencrypt VOLUME /var/lib/letsencrypt
VOLUME /var/log
EXPOSE 80 EXPOSE 80
EXPOSE 443 EXPOSE 443

View file

@ -10,6 +10,8 @@ pid=/run/access_logd.pid
case $1 in case $1 in
start) start)
test -f $pid && exit 0
# Copy default database # Copy default database
install -m 640 -o nobody /var/lib/access_log.sqlite3 /var/log/access_log.sqlite3 install -m 640 -o nobody /var/lib/access_log.sqlite3 /var/log/access_log.sqlite3
@ -17,7 +19,7 @@ case $1 in
rm -f /tmp/access_log.socket rm -f /tmp/access_log.socket
# Read from fifo and load into database # Read from fifo and load into database
daemonize -p /run/access_logd.pid -u nginx /usr/local/bin/syslogize /usr/bin/access_log $ACCESS_LOGS_FLAGS daemonize -p $pid -u nginx /usr/local/bin/syslogize /usr/bin/access_log $ACCESS_LOGS_FLAGS
;; ;;
stop) stop)
test -f $pid || exit 0 test -f $pid || exit 0

View file

@ -0,0 +1,3 @@
log_format access_logd escape=json '{"host":"$host","msec":$msec,"server_protocol":"$server_protocol","request_method":"$request_method","request_completion":"$request_completion","uri":"$uri","query_string":"$query_string","status":$status,"sent_http_content_type":"$sent_http_content_type","sent_http_content_encoding":"$sent_http_content_encoding","sent_http_etag":"$sent_http_etag","sent_http_last_modified":"$sent_http_last_modified","http_accept":"$http_accept","http_accept_encoding":"$http_accept_encoding","http_accept_language":"$http_accept_language","http_pragma":"$http_pragma","http_cache_control":"$http_cache_control","http_if_none_match":"$http_if_none_match","http_dnt":"$http_dnt","http_user_agent":"$http_user_agent","http_origin":"$http_origin","http_referer":{"origin":"$http_origin","referrer":"$http_referer","policy":"origin-when-cross-origin"},"request_time":$request_time,"bytes_sent":$bytes_sent,"body_bytes_sent":$body_bytes_sent,"request_length":$request_length,"http_connection":"$http_connection","pipe":"$pipe","connection_requests":$connection_requests,"geoip2_data_country_name":"$geoip2_data_country_name","geoip2_data_country_iso_code":"$geoip2_data_country_iso_code","geoip2_data_city_name":"$geoip2_data_city_name","ssl_server_name":"$ssl_server_name","ssl_protocol":"$ssl_protocol","ssl_early_data":"$ssl_early_data","ssl_session_reused":"$ssl_session_reused","ssl_curves":"$ssl_curves","ssl_ciphers":"$ssl_ciphers","ssl_cipher":"$ssl_cipher","sent_http_x_xss_protection":"$sent_http_x_xss_protection","sent_http_x_frame_options":"$sent_http_x_frame_options","sent_http_x_content_type_options":"$sent_http_x_content_type_options","sent_http_strict_transport_security":"$sent_http_strict_transport_security","nginx_version":"$nginx_version","pid":"$pid","remote_user":"$remote_user","request_uri":"$request_uri"}';
access_log syslog:server=unix:/tmp/access_log.socket,nohostname access_logd;

View file

@ -0,0 +1,3 @@
log_format access_logd escape=json '{"host":"$host","msec":$msec,"server_protocol":"$server_protocol","request_method":"$request_method","request_completion":"$request_completion","uri":"$uri","query_string":"$query_string","status":$status,"sent_http_content_type":"$sent_http_content_type","sent_http_content_encoding":"$sent_http_content_encoding","sent_http_etag":"$sent_http_etag","sent_http_last_modified":"$sent_http_last_modified","http_accept":"$http_accept","http_accept_encoding":"$http_accept_encoding","http_accept_language":"$http_accept_language","http_pragma":"$http_pragma","http_cache_control":"$http_cache_control","http_if_none_match":"$http_if_none_match","http_dnt":"$http_dnt","http_user_agent":"$http_user_agent","http_origin":"$http_origin","http_referer":{"origin":"$http_origin","referrer":"$http_referer","policy":"origin-when-cross-origin"},"request_time":$request_time,"bytes_sent":$bytes_sent,"body_bytes_sent":$body_bytes_sent,"request_length":$request_length,"http_connection":"$http_connection","pipe":"$pipe","connection_requests":$connection_requests,"geoip2_data_country_name":"$geoip2_data_country_name","geoip2_data_country_iso_code":"$geoip2_data_country_iso_code","geoip2_data_city_name":"$geoip2_data_city_name","ssl_server_name":"$ssl_server_name","ssl_protocol":"$ssl_protocol","ssl_early_data":"$ssl_early_data","ssl_session_reused":"$ssl_session_reused","ssl_curves":"$ssl_curves","ssl_ciphers":"$ssl_ciphers","ssl_cipher":"$ssl_cipher","sent_http_x_xss_protection":"$sent_http_x_xss_protection","sent_http_x_frame_options":"$sent_http_x_frame_options","sent_http_x_content_type_options":"$sent_http_x_content_type_options","sent_http_strict_transport_security":"$sent_http_strict_transport_security","nginx_version":"$nginx_version","pid":"$pid","remote_user":"$remote_user","request_uri":"$request_uri"}';
access_log syslog:server=unix:/tmp/access_log.socket,nohostname access_logd;

View file

@ -0,0 +1,3 @@
log_format access_logd escape=json '{"host":"$host","msec":$msec,"server_protocol":"$server_protocol","request_method":"$request_method","request_completion":"$request_completion","uri":"$uri","query_string":"$query_string","status":$status,"sent_http_content_type":"$sent_http_content_type","sent_http_content_encoding":"$sent_http_content_encoding","sent_http_etag":"$sent_http_etag","sent_http_last_modified":"$sent_http_last_modified","http_accept":"$http_accept","http_accept_encoding":"$http_accept_encoding","http_accept_language":"$http_accept_language","http_pragma":"$http_pragma","http_cache_control":"$http_cache_control","http_if_none_match":"$http_if_none_match","http_dnt":"$http_dnt","http_user_agent":"$http_user_agent","http_origin":"$http_origin","http_referer":{"origin":"$http_origin","referrer":"$http_referer","policy":"origin-when-cross-origin"},"request_time":$request_time,"bytes_sent":$bytes_sent,"body_bytes_sent":$body_bytes_sent,"request_length":$request_length,"http_connection":"$http_connection","pipe":"$pipe","connection_requests":$connection_requests,"geoip2_data_country_name":"$geoip2_data_country_name","geoip2_data_country_iso_code":"$geoip2_data_country_iso_code","geoip2_data_city_name":"$geoip2_data_city_name","ssl_server_name":"$ssl_server_name","ssl_protocol":"$ssl_protocol","ssl_early_data":"$ssl_early_data","ssl_session_reused":"$ssl_session_reused","ssl_curves":"$ssl_curves","ssl_ciphers":"$ssl_ciphers","ssl_cipher":"$ssl_cipher","sent_http_x_xss_protection":"$sent_http_x_xss_protection","sent_http_x_frame_options":"$sent_http_x_frame_options","sent_http_x_content_type_options":"$sent_http_x_content_type_options","sent_http_strict_transport_security":"$sent_http_strict_transport_security","nginx_version":"$nginx_version","pid":"$pid","remote_user":"$remote_user","request_uri":"$request_uri"}';
access_log syslog:server=unix:/tmp/access_log.socket,nohostname access_logd;

View file

@ -39,6 +39,7 @@ http {
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb { geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
$geoip2_data_country_name country names en; $geoip2_data_country_name country names en;
$geoip2_data_country_iso_code country iso_code; $geoip2_data_country_iso_code country iso_code;
$geoip2_data_continent_code country continent_code;
} }
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {

View file

@ -0,0 +1,30 @@
modsecurity on;
modsecurity_rules 'SecRuleEngine On';
modsecurity_rules 'SecAuditLogFormat JSON';
modsecurity_rules_file /etc/modsecurity/modsecurity.conf;
modsecurity_rules_file /etc/crs4/crs-setup.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-901-INITIALIZATION.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-913-SCANNER-DETECTION.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-921-PROTOCOL-ATTACK.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-922-MULTIPART-ATTACK.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf;
modsecurity_rules_file /etc/crs4/rules/REQUEST-949-BLOCKING-EVALUATION.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-950-DATA-LEAKAGES.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-955-WEB-SHELLS.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-959-BLOCKING-EVALUATION.conf;
modsecurity_rules_file /etc/crs4/rules/RESPONSE-980-CORRELATION.conf;