@LaurenceJJones
Created September 23, 2021 18:53
Nginx WAF Lab
# This docker-compose file starts owasp/modsecurity-crs
#
# ATTENTION!
# Some of the environment variables at the bottom of this
# docker-compose.yaml file and TLS are only available
# for self-built images based on Dockerfile-2.9-apache,
# and only if build args SETTLS and SETPROXY were set during
# the build of the parent owasp/modsecurity:2.9-apache image.
# Disclaimer! Only expose ports if you are in a controlled environment (a virtual machine on your computer, or a server not exposed to the internet)
# You take the risk of leaving this application exposed
version: "3"
services:
  crs:
    image: owasp/modsecurity-crs:v3.3.2-nginx
    ports:
      - "80:80"
      #- "443:443"
    environment:
      - SERVERNAME=localhost
      - PARANOIA=1
      - ANOMALY_INBOUND=5
      - ANOMALY_OUTBOUND=4
      # PROXYLOCATION: Application Backend of Reverse Proxy
      - BACKEND=http://dvwa
      # CRS Variables with Default Value unlimited
      #######################################################
      #- MAX_NUM_ARGS=255
      #- ARG_NAME_LENGTH=100
      #- ARG_LENGTH=400
      #- TOTAL_ARG_LENGTH=64000
      #- MAX_FILE_SIZE=1048576
      #- COMBINED_FILE_SIZES=1048576
    volumes:
      - ./REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
      - ./RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
  dvwa:
    image: vulnerables/web-dvwa
    ## Uncomment "ports" and the mapping below if you would like an easy way to compare between blocked and allowed
    ## (an empty "ports:" key with no entries is not a valid list, so it stays commented out until needed)
    #ports:
    #  - "8080:80"