Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: update HTTP3 configuration to include TLSv1.3 checks and streamline rule removals

Browse source
This commit is contained in:
Théophile Diot 2024-11-25 17:12:09 +01:00
parent eee1e191e0
commit b9879419af
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/common/core/modsecurity/confs/modsec-crs/http3.conf
View file

@ -1,4 +1,5 @@
{%- if USE_MODSECURITY == "yes" and MODSECURITY_CRS_VERSION == "3" and HTTP3 == "yes" -%}
{%- if USE_MODSECURITY == "yes" and "TLSv1.3" in SSL_PROTOCOLS and HTTP3 == "yes" and USE_PROXY_PROTOCOL == "no" %}
{%- if MODSECURITY_CRS_VERSION == "3" %}
SecAction \
"id:900230,\
phase:1,\
@ -6,4 +7,6 @@ SecAction \
pass,\
t:none,\
setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
{% endif %}
SecRuleRemoveById 920280
{%- endif %}

3
src/common/core/ui/confs/modsec/ui.conf
View file

@ -1,4 +1,3 @@
{% if USE_UI == "yes" %}
SecRuleRemoveById 930120
{% if USE_UI == "yes" and "TLSv1.3" in SSL_PROTOCOLS and HTTP3 == "yes" %}
SecRuleRemoveById 920280
{% endif %}