Using Bookstack with ModSecurity CRS WAF #5472
Labels
Comments
|
No guidance to hand, I think it'll really depend on the WAF in use. |
|
Thanks for the reply. ModSecurity with the CRS ruleset is the most common WAF out there. Hopefully the above helps someone. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Attempted Debugging
Searched GitHub Issues
Describe the Scenario
Hi guys,
I am running BookStack behind a ModSec CRS WAF. I have found that just writing a simple page triggers lots of rules making it unusable.
I have via trial and error identified the following rules that need to be disabled to allow BookStack to function.
SecRule SERVER_NAME "xyz" \ "id:'xyz', \ phase:1, \ t:none, \ setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PROPFIND PROPPATCH REPORT PUT MKCOL', \ nolog, \ pass, \ ctl:ruleRemoveById=921110, \ ctl:ruleRemoveById=932100, \ ctl:ruleRemoveById=932105, \ ctl:ruleRemoveById=932115, \ ctl:ruleRemoveById=932140, \ ctl:ruleRemoveById=932200, \ ctl:ruleRemoveById=941100, \ ctl:ruleRemoveById=941130, \ ctl:ruleRemoveById=941140, \ ctl:ruleRemoveById=941150, \ ctl:ruleRemoveById=941160, \ ctl:ruleRemoveById=941170, \ ctl:ruleRemoveById=941180, \ ctl:ruleRemoveById=941200, \ ctl:ruleRemoveById=941320, \ ctl:ruleRemoveById=941330, \ ctl:ruleRemoveById=941340, \ ctl:ruleRemoveById=942130, \ ctl:ruleRemoveById=942190, \ ctl:ruleRemoveById=942200, \ ctl:ruleRemoveById=942210, \ ctl:ruleRemoveById=942300, \ ctl:ruleRemoveById=942330, \ ctl:ruleRemoveById=942340, \ ctl:ruleRemoveById=942350, \ ctl:ruleRemoveById=942380, \ ctl:ruleRemoveById=942430, \ ctl:ruleRemoveById=942440, \ ctl:ruleRemoveById=942480, \ ctl:ruleRemoveById=942260, \ ctl:ruleRemoveById=942370"Does anyone have any other guidance on rulesets that allow BookStack to work behind a WAF?
Thanks.
Exact BookStack Version
v24.12.1
Log Content
No response
Hosting Environment
PHP 7.4 on Debian
The text was updated successfully, but these errors were encountered: