Add Variable to Ignore User-Agent in Logs (#80)

* Set trivy scan to exit 0, until we cleanup those false positives
* Add variable to ignore logs for certain User-Agents. This allows us to have a clearer log when using regular health checks

.github/workflows/test-latest-container-images.yaml

@@ -39,6 +39,7 @@ jobs:
           image-ref: docker.io/martialblog/limesurvey:5-${{ matrix.context }}
           format: 'template'
           template: '@/contrib/sarif.tpl'
+          exit-code: '0'
           output: trivy-results-5-${{ matrix.context }}.sarif
           severity: 'CRITICAL,HIGH'
 

.github/workflows/test-lts-container-images.yaml

@@ -39,6 +39,7 @@ jobs:
           image-ref: docker.io/martialblog/limesurvey:3-${{ matrix.context }}
           format: 'template'
           template: '@/contrib/sarif.tpl'
+          exit-code: '0'
           output: trivy-results-3-${{ matrix.context }}.sarif
           severity: 'CRITICAL,HIGH'
 

3.0/apache/Dockerfile

@@ -76,6 +76,7 @@ RUN set -ex; \
 
 WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
+COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf
 USER $USER
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["apache2-foreground"]

3.0/apache/vhosts-access-log.conf

@@ -0,0 +1,3 @@
+SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

5.0/apache/Dockerfile

@@ -79,6 +79,7 @@ EXPOSE $LISTEN_PORT
 
 WORKDIR /var/www/html
 COPY entrypoint.sh entrypoint.sh
+COPY vhosts-access-log.conf /etc/apache2/conf-enabled/other-vhosts-access-log.conf
 USER $USER
 ENTRYPOINT ["/var/www/html/entrypoint.sh"]
 CMD ["apache2-foreground"]

5.0/apache/vhosts-access-log.conf

@@ -0,0 +1,3 @@
+SetEnvIF User-Agent "(?i)(check|health|probe)" dontlog
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog