ModSecurity is a Web Application Firewall that protects your website from hacking attacks. It is Open Source and free to use. It can be used with webservers like Apache, Nginx, and IIS. To install ModSecurity with Nginx, we need to compile the ModSecurity Nginx module and activate it in the Nginx configuration file. Install the […]
Login to WHM. Go to ModSecurity™ Vendors. By default cpanel come with “OWASP ModSecurity Core Rule Set V3.0” rule. To enable it click on “+ install” link right side. To add a third party rule set, click on “Add Vendor” button. To install comodo WAF rules, enter
|
1 |
https://waf.comodo.com/doc/meta_comodo_apache.yaml |
Click “Load”, you will see some info […]
On a web site that is protected with ModSecurity, when admin edit HTML pages in admin area, ModSecurity falsely detect it as XSS attack. What we can do is disable specific rules that create this false positive. But in this case, it is bceause HTML is submitted. This application normally done need HTML submitted on […]
To install ModSecurity on Debian/Ubuntu Apache web server, run
|
1 |
apt-get install libapache2-mod-security2 |
Restart Apache web server
|
1 |
service apache2 restart |
Verify mod_security installed with
|
1 |
apachectl -M | grep security |
To activate ModSecurity rules, run
|
1 |
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf |
Edit
|
1 |
vi /etc/modsecurity/modsecurity.conf |
set
|
1 |
SecRuleEngine = on |
Get latest rules
|
1 2 |
mv /usr/share/modsecurity-crs /usr/share/modsecurity-crs.bk git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs |
Emable the config file
|
1 |
cp /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf |
Edit file
|
1 |
vi /etc/apache2/mods-enabled/security2.conf |
Add
|
1 2 |
IncludeOptional /usr/share/modsecurity-crs/*.conf IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf |
Restart Apache
|
1 |
service apache2 restart |
[…]
ModSecurity is a Web Application Firewall. Protect sites from SQL injection and Application level hacking. Install ModSecurity on Debian Install Nginx ModSecurity on CentOS 7 Disable ModSecurity for a specific URL To install ModSecurity on Ubuntu/Debian with Apache, run
|
1 |
apt install libapache2-mod-security2 -y |
verify Apache module is installed with
|
1 |
apachectl -M | grep security |
Enable config file
|
1 |
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf |
Update config
|
1 2 |
sed -i "s/SecRuleEngine DetectionOnly/SecRuleEngine On/" /etc/modsecurity/modsecurity.conf sed -i "s/SecResponseBodyAccess On/SecResponseBodyAccess Off/" /etc/modsecurity/modsecurity.conf |
Restart […]