Ibra
08/06/2022, 11:17 AM<IfModule mod_ssl.c>
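<VirtualHost *:443>
    # HTTPS virtual host in front of Fleet: every request is forwarded to the
    # Fleet container over plain HTTP on localhost:8443.
    # (Chat-export link markup around the host name, mail address and proxy
    # URLs has been removed so the directives are valid again.)
    ServerName it-asset.acme.it
    ServerAdmin postmaster@acme.it
    #SSLProxyEngine on
    ProxyPass / http://localhost:8443/
    ProxyPassReverse / http://localhost:8443/

    # <Files ^.\login>
    # Order Deny,Allow
    # deny from all
    # allow from 10.0.63.0
    # allow from 10.0.59.0
    # </Files>

    # Only allow access to these URLs from allow-listed IPs.
    Options +FollowSymlinks
    RewriteEngine on
    # The URLs that are checked. Only paths starting with /login or /dashboard
    # are covered; every other path is proxied without a source-address check.
    # NOTE(review): the login request itself may be sent to an /api/... path
    # that this pattern does not match - confirm which paths need protecting.
    RewriteCond %{REQUEST_URI} ^(/login|/dashboard).*$
    # Client is not in 10.0.63.x ...
    # Fixed: the original post had `!=10\.0\.63\.`. In a RewriteCond, `=` is a
    # literal string comparison rather than a regex, so `!=` was true for every
    # client and the rule below returned 403 to everyone. `!^` negates an
    # anchored regex match on the address prefix.
    RewriteCond %{REMOTE_ADDR} !^10\.0\.63\.
    # ... and not in 10.0.59.x either (consecutive RewriteCond lines are ANDed).
    RewriteCond %{REMOTE_ADDR} !^10\.0\.59\.
    # If both address tests fail, refuse the request with 403 Forbidden.
    RewriteRule ^.*$ / [F]
    # RewriteRule ^.*$ [G,NC]

    ErrorLog ${APACHE_LOG_DIR}/fleet-dc-error.log
    CustomLog ${APACHE_LOG_DIR}/fleet-dc-access.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/it-asset.acme.it/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/it-asset.acme.it/privkey.pem
</VirtualHost>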
</IfModule>
Docker compose:
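# Fleet stack: MySQL, MailHog, Redis and the Fleet server.
# Indentation is reconstructed; the chat export had flattened it.
version: '2'
services:
  # MySQL database used by Fleet.
  mysql:
    restart: always
    image: mysql:5.7
    volumes:
      - /fleet/data:/data
    command: mysqld --datadir=/data/mysqldata --slow_query_log=0 --log_output=TABLE --log-queries-not-using-indexes --event-scheduler=ON
    environment:
      # Password values were masked with asterisks in the original post. They
      # are quoted here because a plain scalar starting with `*` is a YAML alias.
      MYSQL_ROOT_PASSWORD: '*****************'
      MYSQL_DATABASE: fleet_db
      MYSQL_USER: fleet_user
      MYSQL_PASSWORD: '************************'
    ports:
      # Published on loopback only. "3306:3306" binds every host interface,
      # which exposes the database to the network. Fleet reaches MySQL by
      # service name (mysql:3306) and does not need a published port at all;
      # the loopback binding keeps access for tools run on the host itself.
      - "127.0.0.1:3306:3306"

  # MailHog mail catcher: SMTP on 1025, web UI on 8025.
  # The image tag is `latest`, so the version is not pinned.
  mailhog:
    restart: always
    image: mailhog/mailhog:latest
    ports:
      # Loopback only; no authentication for MailHog is configured in this file.
      - "127.0.0.1:8025:8025"
      - "127.0.0.1:1025:1025"

  # Redis used by Fleet.
  redis:
    restart: always
    image: redis:5
    ports:
      # Loopback only; no Redis password is configured in this file and Fleet
      # connects by service name (redis:6379).
      - "127.0.0.1:6379:6379"

  # Fleet server: prepares the database, then serves.
  fleet:
    restart: always
    image: fleetdm/fleet:v4.17.0
    volumes:
      - /fleet/fleet:/fleet
    command: sh -c "echo '\n' | /usr/bin/fleet prepare db && /usr/bin/fleet serve"
    environment:
      FLEET_MYSQL_ADDRESS: mysql:3306
      FLEET_MYSQL_DATABASE: fleet_db
      FLEET_MYSQL_USERNAME: fleet_user
      FLEET_MYSQL_PASSWORD: '*****************'
      FLEET_REDIS_ADDRESS: redis:6379
      # NOTE(review): with FLEET_SERVER_TLS 'false' below these two paths are
      # presumably unused, and /etc/letsencrypt is not among the mounted volumes.
      FLEET_SERVER_CERT: /etc/letsencrypt/live/it-asset.acme.it/fullchain.pem
      FLEET_SERVER_KEY: /etc/letsencrypt/live/it-asset.acme.it/privkey.pem
      FLEET_LOGGING_JSON: "true"
      # Blank in the original post (possibly redacted). NOTE(review): Compose
      # resolves a key with no value from the host environment - confirm that
      # this is what is intended.
      FLEET_AUTH_JWT_KEY:
      # Fleet serves plain HTTP; TLS is handled by the Apache virtual host.
      FLEET_SERVER_TLS: 'false'
      FLEET_OSQUERY_LABEL_UPDATE_INTERVAL: 5m
      FLEET_VULNERABILITIES_PERIODICITY: 60m
    ports:
      # Loopback only. Apache proxies to http://localhost:8443/, so this still
      # works, while "8443:8080" on all interfaces would let clients reach
      # Fleet directly over plain HTTP and skip the proxy's address checks.
      - "127.0.0.1:8443:8080"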
Keith Swagler
08/06/2022, 6:12 PMSecRule REQUEST_URI "@contains /" "chain, id:'1', phase:1, nolog, allow"
# Rule 1 (the SecRule above plus the chained test below): "@contains /" matches
# any URI containing "/", so the chain is in effect decided by the source
# address. Requests from 192.168.0.0/24 are allowed, and ruleEngine is set to
# DetectionOnly for them. `nolog` is set, so these allows are not logged.
SecRule REMOTE_ADDR "@ipMatch 192.168.0.0/24" ctl:ruleEngine=DetectionOnly
# Rule 2: matches URIs beginning with /api/v1/osquery, with action `allow`.
# NOTE(review): this rule carries `chain`, but the SecRule that follows has its
# own id, phase and `deny`, which ModSecurity normally accepts only on the rule
# that starts a chain. Either a chained line was lost from the post or `chain`
# should be dropped here - confirm before use.
SecRule REQUEST_URI "@beginsWith /api/v1/osquery" "chain, id:'2', phase:1, nolog, allow"
# Rule 5: catch-all on any URI containing "/"; the request is logged and denied.
SecRule REQUEST_URI "@contains /" "id:'5', phase:1, log, deny"
Ibra
08/06/2022, 7:57 PMKathy Satterlee
08/08/2022, 2:36 PMIbra
08/08/2022, 2:40 PMKathy Satterlee
08/08/2022, 2:44 PMIbra
08/08/2022, 2:54 PM
Forbidden
You don't have permission to access this resource.
Apache/2.4.52 (Ubuntu) Server at it-asset.domain.com Port 443
as if it doesn't recognize the forward from it-asset.domain.com to it-asset.domain.com/login
Kathy Satterlee
08/08/2022, 3:17 PM
`!=` to `!^` in the IP conditions?
Ibra
08/08/2022, 3:26 PMKathy Satterlee
08/08/2022, 3:45 PMIbra
08/08/2022, 3:46 PM