Mod Security2

Install modsecurity2

apt-get install libapache2-mod-security2 lua50
sudo a2enmod security2
sudo a2enmod headers

Install CRS

wget -O /tmp/modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
cd /tmp
tar xvzf modsecurity-crs.tar.gz
mv SpiderLabs-* /usr/local/share/modsecurity-crs
cd /usr/local/share/modsecurity-crs
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Configure

cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
nano /etc/modsecurity/modsecurity.conf

At the bottom it should look something like the following:

SecStatusEngine On

Include /usr/local/share/modsecurity-crs/*.conf
Include /usr/local/share/modsecurity-crs/base_rules/*.conf
Include /usr/local/share/modsecurity-crs/optional_rules/*.conf
/var/customers/webs/cw01/wiki/data/pages/apache2/modsecurity2.txt · Last modified: 2016/05/09 10:58 by wadmin
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki