Tuesday, July 9, 2013

Configuring ModSecurity with OWASP CRS – Part II

I hope you have successfully installed and configured LAMP and Modsecurity on your Ubuntu 10.04 box (If not, see my last post here). Next step is to configure Modsecurity with OWASP CRS (Core Rule Set) rules. Basically it does not make any sense to just install Modsecurity without configuring OWASP CRS rules as this will not protect you against any web attacks.

Here’s most simplest and workable steps for Ubuntu 10.04 environment:



2.       Extract the contents to folder named "owasp"
3.       Copy owasp folder to /etc/apache2/rules
4.       Rename file modsecurity_crs_10_setup.conf.example to modsecurity_crs_10_setup.conf
5.       Browse to /etc/apache2/conf.d/security file and paste below lines inside <IfModule mod_security2.c>:

Include /etc/apache2/rules/owasp/*.conf
Include /etc/apache2/rules/owasp/base_rules/*.conf

6.       Restart apache2

sudo /etc/init.d/apache2 restart

Try attack payloads:

If configured correctly, you should get a 403 Forbidden page:






Below are the logs from mod security (/etc/apache2/logs/modsec_audit.log):


Your Modsecurity is now configured with basic OWASP CRS which is sufficient to protect you from common web application attacks.


Happy Reading !!!

No comments:

Post a Comment