fix: use per version config file

Signed-off-by: Felipe Zipitria <[email protected]>

Author: fzipi

.github/workflows/verifyimage.yml

@@ -83,8 +83,17 @@ jobs:
 
       - name: Run ${{ matrix.target }}
         run: |
+          # get the major version from the matrix.target 
+          # Format: apache-debian-3-3-7, apache-alpine-4-18-0, nginx-debian-writable-3-3-7, nginx-alpine-writable-4-18-0
+          if echo "${{ matrix.target }}" | grep -q "nginx"; then
+            # nginx format: nginx-debian-writable-3-3-7 (5 parts) -> get $4
+            CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $4}')"
+          else
+            # apache format: apache-debian-3-3-7 (4 parts) -> get $3
+            CRS_VERSION="v$(echo "${{ matrix.target }}" | awk -F'-' '{print $3}')"
+          fi
           . .github/workflows/configure-rules-for-test.sh \
-            src/opt/modsecurity/configure-rules.conf \
+            src/opt/modsecurity/configure-rules.${CRS_VERSION}.conf \
             README.md \
             "${{ matrix.target }}.env"
           echo "Starting container ${{ matrix.target }}-verification"

src/opt/modsecurity/configure-rules.v3.conf

@@ -16,8 +16,7 @@ false|ALLOWED_REQUEST_CONTENT_TYPE|900220|allowed_request_content_type|applicati
 false|ALLOWED_REQUEST_CONTENT_TYPE_CHARSET|900280|allowed_request_content_type_charset|utf-8
 false|ALLOWED_HTTP_VERSIONS|900230|allowed_http_versions|1.1
 false|RESTRICTED_EXTENSIONS|900240|restricted_extensions|.exe/
-false|RESTRICTED_HEADERS_BASIC|900250|restricted_headers_basic|/if/
-false|RESTRICTED_HEADERS_EXTENDED|900255|restricted_headers_extended|/x-some-header/
+false|RESTRICTED_HEADERS_BASIC|900250|restricted_headers|/if/
 false|MAX_NUM_ARGS|900300|max_num_args|100
 false|ARG_NAME_LENGTH|900310|arg_name_length|200
 false|ARG_LENGTH|900320|arg_length|300