[Feature Request] open-appsec-npm #1073
Comments
|
https://github.com/openappsec/attachment Here are the Building Process Additional prerequisites for compiling against other NGINX Proxy Manager version |
|
Hello, if I understand it correctly, all requests will be handled externally, which would be a big No for me. Do you know if it is also possible to fully local host it? |
|
Here are all Local ^^ and appsec can be integrated |
|
https://github.com/openappsec/open-appsec-npm And here are a list of Building Process for another Nginx Proxy manager version in the Readme |
|
they are copying binaries, where I'm not sure about if they are opensource: https://github.com/openappsec/open-appsec-npm/tree/main/docker/lib |
|
https://github.com/openappsec/open-appsec-npm/blob/main/LICENSE You can use this to Contribute or Comercial Use |
|
This are WAF Files this is Open Source |
|
And this Files are modified versions for opensec and have no Limitations |
|
I will see if I can compile it myself and how it needs to be configured, but if you want NPM with a good appsec ui, you should stay with appsecs fork |
|
Thats very nicee Thanks, no i use your Repo generally. |
|
Hii @Zoey2936 have you test it? |
|
not yeet |
|
will take some time, sorry |
|
OkaY i hope this will add soon |
|
Hii @Zoey2936 have you test it recently? |
|
still no time for this, sorry |
|
Hi I have used openappsec nginx fork, and it's pretty good for security, it works amazingly well. Your fork however @Zoey2936 is so much better. It really gives NPM some of the most important functionality that's missing from the main jc21 project. I would very like to have the ability to integrate the openappsec into your fork as well, and I believe your fork would take off like crazy! Can't imagine any better NPM instance at this point other than yours. I'd like to compile this as well but I'm not a developer. I really hope you can test on your own and see the openappsec for what it is :) It's such great security for homelabbers. |
|
+1 for openappsec. It would be awesome if this image could integrate npm with oppenappsec and crowdsec. ModSecurity is EOL, and openappsec is the future. Please, @Zoey2936 consider this 🙂 |
|
yes, but it takes some time, but why is modsecurity eol? the last commit was 5 days ago and the last release 4 months ago |
https://www.f5.com/company/blog/nginx/f5-nginx-modsecurity-waf-transitioning-to-eol |
|
yes it was planned to go eol, but this never happened: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-transfers-modsecurity-custodianship-to-the-open-worldwide-application-security-project/ https://owasp.org/blog/2024/01/09/ModSecurity.html |
|
I got attachment compiled into nginx, now I only need to find out how to configure it |
|
(it seems like no configuration from npmplus is needed, beside loading the nginx module, and everything else is handled by the openappsec container? and both are communicating via ipc?) |
|
And the answer from the Developer: |
|
so I everything I now need to do is to add this line to the compose.yaml |
|
It seems to be only this, maybe I will add something in the readme for the appsec x crowdsec part, but then everything should be done, release could maybe happen already tomorrow (And I'm a she not a he, because of openappsec/openappsec#218, just want to mention that) |
|
Any new Information? Currently its not Available. |
|
I'm thinking how I want to do it, either I write a full guide, which can be outdated fast, or I link to the documentation of openappsec, which is not the best in my opinion and will lead to many questions. But I will add the required env now, so you can test it using the develop tag and report back if it worked for you, if you want |
|
I've added the env option and added documentation to the compose.yaml |
|
Is this correct? I mean, is it encoded as ATTCHMENT instead of ATTACHMENT?
|
|
thanks for the hint, will be changed |
|
It worked! |
|
Thanks for testing, did you use the examples from the compose file and if yes did you used all containers or did you use their webui? I want to change some small other things, but I think a release could happen on Thursday |
|
release will take longer because of: https://gitlab.alpinelinux.org/alpine/aports/-/issues/16864 |
|
got build fixed, but release will take longer, will still close this since it is done, testing is still welcome |
Can you add open-appsec-npm this is new Secure Feature of NPM.
https://github.com/openappsec/open-appsec-npm
https://docs.openappsec.io/integrations/nginx-proxy-manager-integration
https://docs.openappsec.io/integrations/nginx-proxy-manager-integration/install-nginx-proxy-manager-with-open-appsec-managed-from-central-webui-saas
https://docs.openappsec.io/getting-started/using-the-advanced-machine-learning-model
The text was updated successfully, but these errors were encountered: