I'm deploying franbuehler/modsecurity-crs-rp (https://hub.docker.com/r/franbuehler/modsecurity-crs-rp) in a kubernetes pod in front of a web app from a manifest yaml file. It's prep for a class on this subject I'll be teaching in a couple weeks. No matter how high I set the paranoia level it still seems to just use the default of paranoia_level 1. This is evidenced by the fact that the reports generated by the attacker application (zed attack proxy) are identical no matter which paranoia level I choose. At P4 it should be locked down tight butits showing same vulnerabilities as when I use P1. When executing the same thing locally with Docker, the reports change drastically when paranoia level goes from 1 to 2.
Below is the pertinent snippet from the manifest. It does not err when I do the kubectl apply. And I can verify the other env variables are working as I can access my web app from the www. Audit logs inside the running container seem to indicate no errors regarding paranoia, just reconfirms paranoia level is indeed set to '1' despite me explicitly setting it to '4' in the yaml file.
I've tried several variations on the below including switching to 'paranoia_level', 'EXECUTING_PARANOIA', etc.... to no avail. Is below not the correct way to do this in kubernetes?
spec:
containers:
- name: waf
image: franbuehler/modsecurity-crs-rp
ports:
- name: default
containerPort: 8001
env:
- name: PROXY
value: "1"
- name: BACKEND
value: "http://127.0.0.1:3000/"
- name: PARANOIA
value: "4"
See my answer in the issue in the related GitHub repo:
https://github.com/franbuehler/modsecurity-crs-rp/issues/5
There I write that I no longer actively maintain my image and refer to the official CRS Docker image.