I hope you have successfully installed and configured LAMP and ModSecurity on your Ubuntu 10.04 box (if not, see my last post here). The next step is to configure ModSecurity with the OWASP CRS (Core Rule Set) rules. Installing ModSecurity without configuring the OWASP CRS rules makes little sense: on its own it does not protect you against any web attacks. Here are the simplest working steps for an Ubuntu 10.04 environment:
1. Download the OWASP CRS from https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
2. Extract the contents to a folder named "owasp".
3. Copy the owasp folder to /etc/apache2/rules
4. Rename the file modsecurity_crs_10_setup.conf.example to modsecurity_crs_10_setup.conf
5. Open the file /etc/apache2/conf.d/security and paste the lines below inside <IfModule mod_security2.c>:

       Include /etc/apache2/rules/owasp/*.conf
       Include /etc/apache2/rules/owasp/base_rules/*.conf

6. Restart apache2:

       sudo /etc/init.d/apache2 restart
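The six steps above, collected into one script as an added example (this is not code from the original post). It assumes the CRS archive has already been downloaded and extracted (steps 1 and 2) and takes a ROOT prefix so you can try it against a scratch directory before using ROOT=/ on the real box. The function names are this example's own, and the smoke test uses a generic script-tag string in a query parameter as a stand-in for whatever payload the post's screenshot showed.

```shell
#!/bin/sh
# Added example (not from the original post): stages an already-extracted OWASP CRS tree
# into the layout used above, activates the setup file (step 4), emits the Include lines
# for <IfModule mod_security2.c> (step 5) and sanity-checks the result before you restart
# apache2 (step 6). ROOT is a prefix so the functions can be tried against a scratch
# directory first; use ROOT=/ on the real server. Function names are this example's own.

# crs_stage ROOT SRC
#   Copy the extracted CRS directory SRC to ROOT/etc/apache2/rules/owasp and rename the
#   example setup file, since the Include pattern only picks up *.conf. Prints the
#   destination directory.
crs_stage() {
  root="$1"
  src="$2"
  dest="${root%/}/etc/apache2/rules/owasp"
  mkdir -p "$dest"
  cp -R "$src"/. "$dest"/
  if [ -f "$dest/modsecurity_crs_10_setup.conf.example" ] && \
     [ ! -f "$dest/modsecurity_crs_10_setup.conf" ]; then
    mv "$dest/modsecurity_crs_10_setup.conf.example" "$dest/modsecurity_crs_10_setup.conf"
  fi
  printf '%s\n' "$dest"
}

# crs_include_block RULESDIR
#   Print the two Include lines for the security file. Order matters: the setup file in
#   RULESDIR defines the settings the base rules rely on, so it must be included first.
crs_include_block() {
  printf 'Include %s/*.conf\nInclude %s/base_rules/*.conf\n' "$1" "$1"
}

# crs_check RULESDIR
#   Verify the rule tree looks complete; returns 1 (with a reason on stderr) if not.
crs_check() {
  dir="$1"
  if [ ! -f "$dir/modsecurity_crs_10_setup.conf" ]; then
    echo "crs_check: $dir/modsecurity_crs_10_setup.conf missing (step 4 not done?)" >&2
    return 1
  fi
  n=$(find "$dir/base_rules" -name '*.conf' 2>/dev/null | wc -l | tr -d ' ')
  if [ "$n" -eq 0 ]; then
    echo "crs_check: no base_rules/*.conf under $dir" >&2
    return 1
  fi
  echo "crs_check: setup file present, $n base rule files"
  return 0
}

# crs_smoke_test URL
#   After the restart: send one obviously malicious parameter to your own server and
#   expect the 403 described in the post. Needs curl and a running apache2.
crs_smoke_test() {
  code=$(curl -s -o /dev/null -w '%{http_code}' --get \
         --data-urlencode 'q=<script>alert(1)</script>' "$1/")
  if [ "$code" = "403" ]; then
    echo "crs_smoke_test: blocked (403) as expected"
    return 0
  fi
  echo "crs_smoke_test: got HTTP $code, CRS is not blocking; check modsec_audit.log" >&2
  return 1
}

# Usage: sh crs_setup.sh ROOT SRC   (for example: sh crs_setup.sh / ~/owasp)
if [ "$#" -eq 2 ]; then
  rules_dir=$(crs_stage "$1" "$2") || exit 1
  crs_check "$rules_dir" || exit 1
  echo "Paste the following inside <IfModule mod_security2.c> in /etc/apache2/conf.d/security:"
  crs_include_block "$rules_dir"
fi
```

Run `apache2ctl configtest` after pasting the Include lines and before the restart; a typo in the rule path fails there instead of taking the web server down. Once apache2 is back up, `crs_smoke_test http://localhost` gives you the same 403 check the post describes, without having to type a payload into the browser by hand.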
Try some attack payloads against the server. If everything is configured correctly, you should get a 403 Forbidden page:
Below are the corresponding entries from the ModSecurity audit log (/etc/apache2/logs/modsec_audit.log):
Your ModSecurity is now configured with the basic OWASP CRS, which is sufficient to protect you from common web application attacks.
Happy Reading!!!