diff --git a/Dockerfile b/Dockerfile
index c24e983..a5015e6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ RUN xcaddy build \
 --with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
 --with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
-FROM caddy:${CADDY_VERSION} AS caddy
+FROM docker.io/caddy:${CADDY_VERSION} AS caddy
 WORKDIR /
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 03935a7..6e2fb0e 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,31 +1,30 @@
 {
- email {env.ACME_EMAIL}
- servers {
- client_ip_headers X-Forwarded-For
- trusted_proxies static private_ranges
- trusted_proxies_strict
- }
- order crowdsec before respond
- crowdsec {
- api_url http://crowdsec:8080
- api_key {$CROWDSEC_API_KEY}
- ticker_interval 15s
- }
- log {
- level INFO
- output file /var/log/caddy/access.log
- }
+ email {env.ACME_EMAIL}
+ servers {
+ client_ip_headers X-Forwarded-For
+ trusted_proxies static private_ranges
+ trusted_proxies_strict
+ }
+ order crowdsec before respond
+ crowdsec {
+ api_url http://crowdsec:8080
+ api_key {$CROWDSEC_API_KEY}
+ ticker_interval 15s
+ appsec_url http://crowdsec:7422
+ }
+ log {
+ level INFO
+ output file /var/log/caddy/access.log
+ }
 }
 ductcalc.pro {
+ tls {
+ dns cloudflare {env.CF_AUTH_TOKEN}
+ resolvers 1.1.1.1
+ }
- tls {
- dns cloudflare {env.CF_AUTH_TOKEN}
- resolvers 1.1.1.1
- }
-
- log
- crowdsec
- reverse_proxy http://ductcalc:8080
+ log
+ crowdsec
+ reverse_proxy http://ductcalc:8080
 }
-
diff --git a/compose.yaml b/compose.yaml
index f8d5d51..0c775b9 100644
--- a/compose.yaml
+++ b/compose.yaml
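Review bot: The new `FROM docker.io/caddy:${CADDY_VERSION} AS caddy` still resolves a mutable tag at build time, so qualifying the registry fixes where the base image comes from but not which image it is; pinning by digest as well, `FROM docker.io/caddy:${CADDY_VERSION}@sha256:<digest-placeholder> AS caddy`, would make the runtime stage reproducible and detect a re-tagged image. The builder stage that runs `xcaddy build` starts before this hunk and its own FROM is not visible; if it is still an unqualified reference it presumably wants the same registry prefix for consistency.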
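Review bot: The added `appsec_url http://crowdsec:7422` sends requests to the crowdsec service over the compose network, but the new crowdsec/appsec.yaml in this same commit binds the AppSec listener with `listen_addr: 127.0.0.1:7422`, which is the crowdsec container's own loopback and is not reachable from the caddy container; unless the two services share a network namespace, every AppSec call will fail to connect. The listener belongs on the container interface, `listen_addr: 0.0.0.0:7422`, with the port left unpublished in compose.yaml so it is only reachable on the internal network; the same point applies to the crowdsec/appsec.yaml hunk and is not repeated there. Separately, this hunk replaces every other line of both blocks with identical content, which looks like a whitespace-only reindent; if that swapped tabs for spaces, `caddy fmt` will report the file as unformatted, so it is worth confirming before merge.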
@@ -34,7 +34,7 @@ services:
 restart: unless-stopped
 environment:
 - GID=1000
- - COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors
+ - COLLECTIONS=crowdsecurity/linux crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
 - BOUNCER_KEY_CADDY=${CROWDSEC_API_KEY}
 volumes:
 - crowdsec_db:/var/lib/crowdsec/data/
diff --git a/crowdsec/appsec.yaml b/crowdsec/appsec.yaml
new file mode 100644
index 0000000..2494989
--- /dev/null
+++ b/crowdsec/appsec.yaml
@@ -0,0 +1,5 @@
+appsec_config: crowdsecurity/appsec-default
+labels:
+ type: appsec
+listen_addr: 127.0.0.1:7422
+source: appsec
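Review bot: The extended `COLLECTIONS=` line now installs `crowdsecurity/appsec-virtual-patching` and `crowdsecurity/appsec-generic-rules`, but nothing on the line says they only take effect together with the AppSec acquisition added in crowdsec/appsec.yaml; a comment above it would save the next reader a hunt, e.g. `# appsec-* collections need the AppSec listener configured in crowdsec/appsec.yaml`. The crowdsec service definition starts before this hunk, so whether that file is mounted into the container cannot be confirmed from here.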
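Review bot: Nothing in this diff mounts crowdsec/appsec.yaml into the crowdsec container; the compose hunk touches only `environment:` and the existing `crowdsec_db` volume, so unless a mount into the container's acquisition configuration exists outside the visible hunks, this file is never loaded and the AppSec listener never starts, leaving Caddy's `appsec_url` pointing at nothing. A header comment naming the consumer would also help whoever next edits it, e.g. `# AppSec acquisition: Caddy's crowdsec handler posts requests here (see appsec_url in caddy/Caddyfile)`.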