Configurable "to" server, defaults to "localhost:8080"
Use NGINX_PROXY_PASS to set it
Mount a custom /rules directory if you have extra rules; see modsec_includes.conf for the load order. Usually it's fine to use just /rules/PRE-*.conf
/rules/PRE-*.conf - first
/rules/REQUEST-POST-*.conf - after all the REQUEST rules (useful for exclude rules)
/rules/POST-*.conf - last rules, after all RESPONSE rules as well
Normalized some paths
Fixed some compile warnings
Starts up in block-mode with paranoia level 4, secure by default, so make sure to add exclude rules
Some minor tweaks to nginx config
Compiled-in support for passing host-ip as well, so you can use geoblock even behind a reverse proxy
Tips
The default crs-setup.conf is fairly strict. You should change it
If you need to write some exclude rules, look at the REQUEST-903.* files for ideas
To test project-honeypot blocks, add a rule like SecRule ARGS:IP "@rbl dnsbl.httpbl.org" "phase:1,id:171,t:none,deny,nolog,auditlog,msg:'RBL Match for SPAM Source'", then send a query like .../?IP=198.204.237.106. Use an IP from https://www.projecthoneypot.org/list_of_ips.php
To use geoip, you will need the token, and you must set SecGeoLookupDB /var/lib/libmaxminddb/GeoLite2-City.mmdb in crs-setup.conf
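How the /rules load order above maps onto the two kinds of CRS exclusion, as an added example that is not part of this project's own rules. The file names, the /cms/save path, the parameter and cookie names and the rule ids 10001 are assumptions made for illustration; 941100 and 942100 are the CRS libinjection XSS and SQLi rules.

```apache
# File: /rules/PRE-10-app-exclusions.conf   (hypothetical file name)
# Loaded first, before the CRS rules. Runtime exclusions that use ctl:
# actions belong here: they are evaluated per request and must run before
# the rule they modify is reached.

# Constructed example: the "body" parameter of /cms/save carries HTML.
# Stop rule 941100 from inspecting that one parameter on that one path.
# Every other rule, path and parameter stays fully active.
SecRule REQUEST_FILENAME "@streq /cms/save" \
    "id:10001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=941100;ARGS:body"


# File: /rules/REQUEST-POST-10-app-exclusions.conf   (hypothetical file name)
# Loaded after all REQUEST rules. Configure-time exclusions belong here:
# SecRuleUpdateTargetById and SecRuleRemoveById only affect rules that have
# already been loaded, so they have no effect from a PRE-*.conf file.

# Constructed example: an opaque cookie named session_blob trips the SQLi
# check. Remove only that cookie from the targets of rule 942100 instead
# of disabling the rule.
SecRuleUpdateTargetById 942100 "!REQUEST_COOKIES:session_blob"
```

At paranoia level 4 prefer target-level exclusions like these over removing whole rules, and confirm each one against the audit log entry that triggered it.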