Update test_docker.yml #3

Update test_docker.yml

Update test_docker.yml #3

Workflow file for this run

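---
# CI workflow: validates the WAF pattern files under waf_patterns/ with the
# upstream Apache, HAProxy and Traefik images, starts each server with the
# rules mounted, checks it answers on its published port and probes two
# test paths. Nginx steps are present but disabled (see below).
name: Validate WAF Patterns and Configurations with Docker

# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

# Least privilege for GITHUB_TOKEN: this job only needs to read the repo.
permissions:
  contents: read

jobs:
  validate-waf-patterns:
    runs-on: ubuntu-latest
    # Bound the job so a container that never becomes ready cannot hang
    # the runner until the 6-hour default.
    timeout-minutes: 30
    env:
      # Host ports each server is published on. Quoted so they stay strings,
      # and referenced below as plain shell variables ($APACHE_PORT) rather
      # than ${{ env.* }} expression interpolation inside scripts.
      NGINX_PORT: "8080"
      APACHE_PORT: "8081"
      HAPROXY_PORT: "8082"
      TRAEFIK_PORT: "8083"
    steps:
      - name: Checkout repository
        # NOTE(review): pin to a full commit SHA (actions/checkout@<sha>) for
        # a tamper-evident supply chain; a moving major tag is the minimum.
        uses: actions/checkout@v4

      # The former "Cache Docker setup" step (actions/cache over /var/lib/docker)
      # was dropped: nothing consumed its cache-hit output, the images are
      # pulled fresh below anyway, and the cache action cannot archive a
      # root-owned daemon data directory.

      - name: Set up Docker
        # NOTE(review): ubuntu-latest runners already ship Docker; confirm this
        # reinstall is still needed before keeping it.
        run: |
          set -euo pipefail
          sudo apt-get update
          # Remove conflicting containerd package
          sudo apt-get remove -y containerd
          # Install Docker dependencies
          sudo apt-get install -y ca-certificates curl
          # Add Docker's official GPG key
          sudo install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
            | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
          sudo chmod a+r /etc/apt/keyrings/docker.gpg
          # Add Docker's repository
          echo \
            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
            $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
            | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          # Install Docker
          sudo apt-get update
          sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
          sudo docker --version

      - name: Pull Docker images
        # NOTE(review): ':latest' is unpinned, so each run may validate against
        # a different server build; pin by digest (image:tag@sha256:<digest>)
        # for reproducible, auditable results.
        run: |
          set -euo pipefail
          echo "Pulling Docker images..."
          for image in nginx:latest httpd:latest haproxy:latest traefik:latest; do
            sudo docker pull "$image"
          done

      # Nginx validation and start are disabled in this revision. The health
      # check and WAF probe below skip Nginx for the same reason; re-add the
      # "Nginx" entries there when these steps are re-enabled.
      # - name: Validate Nginx configuration
      #   run: |
      #     echo "Validating Nginx configuration..."
      #     sudo docker run --rm -v "$PWD/waf_patterns/nginx:/etc/nginx/conf.d:ro" nginx:latest nginx -t
      #
      # - name: Start Nginx container with WAF rules
      #   run: |
      #     echo "Starting Nginx container..."
      #     sudo docker run -d \
      #       --name nginx-waf \
      #       -p "$NGINX_PORT:80" \
      #       -v "$PWD/waf_patterns/nginx:/etc/nginx/conf.d" \
      #       nginx:latest
      #     echo "Nginx is running on port $NGINX_PORT."
      # - name: Check Nginx container logs
      #   run: |
      #     echo "Checking Nginx container logs..."
      #     sudo docker logs nginx-waf

      - name: Validate Apache configuration
        # NOTE(review): httpd -t only parses files that httpd.conf Includes;
        # confirm the mounted conf/extra files are actually loaded, otherwise
        # this check passes without reading them.
        run: |
          set -euo pipefail
          echo "Validating Apache configuration..."
          files=(waf_patterns/apache/*.conf)
          # Fail loudly when the glob matched nothing instead of "validating" an empty set.
          [ -e "${files[0]}" ] || { echo "Error: no Apache pattern files found"; exit 1; }
          printf 'Validating %s\n' "${files[@]}"
          # httpd -t checks the whole server config once; a per-file loop
          # would just repeat the identical check.
          sudo docker run --rm \
            -v "$PWD/waf_patterns/apache:/usr/local/apache2/conf/extra:ro" \
            httpd:latest httpd -t \
            || { echo "Error: Apache configuration validation failed"; exit 1; }

      - name: Start Apache container with WAF rules
        run: |
          set -euo pipefail
          echo "Starting Apache container..."
          sudo docker run -d \
            --name apache-waf \
            -p "$APACHE_PORT:80" \
            -v "$PWD/waf_patterns/apache:/usr/local/apache2/conf/extra" \
            httpd:latest
          echo "Apache is running on port $APACHE_PORT."

      - name: Check Apache container logs
        run: |
          echo "Checking Apache container logs..."
          sudo docker logs apache-waf

      - name: Validate HAProxy configuration
        run: |
          set -euo pipefail
          echo "Validating HAProxy configuration..."
          files=(waf_patterns/haproxy/*.acl)
          [ -e "${files[0]}" ] || { echo "Error: no HAProxy ACL files found"; exit 1; }
          # Scratch config lives outside the workspace and is removed on exit.
          cfg=$(mktemp)
          trap 'rm -f "$cfg"' EXIT
          for file in "${files[@]}"; do
            echo "Validating $file..."
            # Wrap the ACL in a minimal, otherwise valid config so that
            # haproxy -c can parse it in a frontend context.
            {
              echo "global"
              echo "  log stdout format raw local0"
              echo "defaults"
              echo "  log global"
              echo "  timeout connect 10s"
              echo "  timeout client 30s"
              echo "  timeout server 30s"
              echo "frontend test"
              echo "  bind *:$HAPROXY_PORT"
              echo "  default_backend test_backend"
              # Indent every ACL line and guarantee a trailing newline so the
              # following section header never fuses with the last ACL line.
              sed 's/^/  /' "$file"
              echo "backend test_backend"
              echo "  server s1 127.0.0.1:$NGINX_PORT"
            } > "$cfg"
            # Validate the file using haproxy -c
            sudo docker run --rm \
              -v "$cfg:/usr/local/etc/haproxy/haproxy.cfg:ro" \
              haproxy:latest haproxy -c -f /usr/local/etc/haproxy/haproxy.cfg \
              || { echo "Error: Validation failed for $file"; exit 1; }
          done

      - name: Start HAProxy container with WAF rules
        # NOTE(review): the image expects /usr/local/etc/haproxy/haproxy.cfg;
        # the validate step only found *.acl files in this directory, so
        # confirm a haproxy.cfg is present there or the container exits at once.
        run: |
          set -euo pipefail
          echo "Starting HAProxy container..."
          sudo docker run -d \
            --name haproxy-waf \
            -p "$HAPROXY_PORT:80" \
            -v "$PWD/waf_patterns/haproxy:/usr/local/etc/haproxy" \
            haproxy:latest
          echo "HAProxy is running on port $HAPROXY_PORT."

      - name: Check HAProxy container logs
        run: |
          echo "Checking HAProxy container logs..."
          sudo docker logs haproxy-waf

      - name: Validate Traefik configuration
        run: |
          set -euo pipefail
          echo "Validating Traefik configuration..."
          files=(waf_patterns/traefik/*.toml)
          [ -e "${files[0]}" ] || { echo "Error: no Traefik configuration files found"; exit 1; }
          for file in "${files[@]}"; do
            echo "Validating $file..."
            sudo docker run --rm \
              -v "$PWD/waf_patterns/traefik:/etc/traefik:ro" \
              traefik:latest traefik validate --configFile="/etc/traefik/$(basename "$file")" \
              || { echo "Error: Validation failed for $file"; exit 1; }
          done

      - name: Start Traefik container with WAF rules
        run: |
          set -euo pipefail
          echo "Starting Traefik container..."
          sudo docker run -d \
            --name traefik-waf \
            -p "$TRAEFIK_PORT:80" \
            -v "$PWD/waf_patterns/traefik:/etc/traefik" \
            traefik:latest
          echo "Traefik is running on port $TRAEFIK_PORT."

      - name: Check Traefik container logs
        run: |
          echo "Checking Traefik container logs..."
          sudo docker logs traefik-waf

      - name: Validate services are running
        run: |
          set -euo pipefail
          echo "Validating services are running..."
          # wait_for LABEL PORT CONTAINER: poll the published port for up to
          # 30 s instead of probing once right after `docker run -d`, which
          # raced the server's startup. Dumps the container log on failure.
          wait_for() {
            local label=$1 port=$2 container=$3 attempt
            for attempt in $(seq 1 30); do
              if curl -s "http://localhost:$port" > /dev/null; then
                echo "$label is running successfully."
                return 0
              fi
              sleep 1
            done
            echo "Error: $label is not running!"
            sudo docker logs "$container" || true
            return 1
          }
          # Nginx is not started in this revision (its steps are commented
          # out above), so it is not checked here.
          wait_for Apache "$APACHE_PORT" apache-waf
          wait_for HAProxy "$HAPROXY_PORT" haproxy-waf
          wait_for Traefik "$TRAEFIK_PORT" traefik-waf

      - name: Test WAF rules
        # TODO(review): this step only records the HTTP status each test path
        # returns; once the status the rules are meant to produce for blocked
        # requests is settled, turn probe() into an assertion on that code.
        run: |
          set -euo pipefail
          echo "Testing WAF rules..."
          # probe LABEL PORT PATH: request PATH and print the status code
          # (curl -s alone discarded the only observable result).
          probe() {
            local label=$1 port=$2 path=$3 code
            code=$(curl -s -o /dev/null -w '%{http_code}' "http://localhost:$port$path")
            echo "$label $path -> HTTP $code"
          }
          for path in /attack /bots; do
            # Nginx is skipped for the reason given in the previous step.
            probe Apache "$APACHE_PORT" "$path"
            probe HAProxy "$HAPROXY_PORT" "$path"
            probe Traefik "$TRAEFIK_PORT" "$path"
          done

      - name: Clean up containers
        if: always()
        run: |
          echo "Stopping and removing containers..."
          # nginx-waf is listed so cleanup still works when its steps are re-enabled.
          sudo docker stop nginx-waf apache-waf haproxy-waf traefik-waf || true
          sudo docker rm nginx-waf apache-waf haproxy-waf traefik-waf || true
          echo "Containers stopped and removed."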