ModSecurity Debian 8

To: debian-security@lists.debian.org
Subject: ModSecurity Debian 8
From: "lannoun@runbox.com" <lannoun@runbox.com>
Date: Mon, 20 Mar 2017 19:52:56 +0100
Message-id: <[🔎] af5b071e-ad9e-2e68-c4c6-2ebc5edf5c07@runbox.com>

Hi,

I have spent about 2 days trying to understand how to setup mod-securityon my web server.

I choose to rely on packages in the official repo, so if possible Iwill not compile packages.


Is correct to say that I can't have mod-security in nginx?
Is mod-security only available in apache2?

Then I'm looking for some instruction about installing. There are a lotof outdated material and is difficult to learn the right stuff.



Here is what I have typed:


apt-get install libcurl3-gnutls liblua5.1-0 libxml2
apt-get install libapache2-mod-security2
apt-get install modsecuriy-crs

sudo mv /etc/modsecurity/modsecurity.conf-recommended/etc/modsecurity/modsecurity.conf

sudo nano /etc/modsecurity/modsecurity.conf


I have turned on the option SecRuleEngine

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git


Now... my questions are:

1) Where I have to put the rules
2) Which other config files I have to edit
3) How I enable modsecurity on my website
4) Do you have sample config file to share?


Thanks a lot for your help.

Anders. LA.

Reply to:

Follow-Ups:
- Re: ModSecurity Debian 8
  - From: Krzysztof Kokot <kokot300@gmail.com>
- Re: ModSecurity Debian 8
  - From: Alberto Gonzalez Iniesta <agi@inittab.org>
- Re: ModSecurity Debian 8
  - From: Casper Madsen <maveas@gmail.com>

Prev by Date: Re: HTTPS needs to be implemented for updating
Next by Date: Re: ModSecurity Debian 8
Previous by thread: Re: HTTPS needs to be implemented for updating
Next by thread: Re: ModSecurity Debian 8
Index(es):
- Date
- Thread