[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ModSecurity Debian 8

I have spent about 2 days trying to understand how to setup mod-security on my web server.

I choose to rely on packages in the official repo, so if possible I will not compile packages.

Is correct to say that I can't have mod-security in nginx?
Is mod-security only available in apache2?

Then I'm looking for some instruction about installing. There are a lot of outdated material and is difficult to learn the right stuff.

Here is what I have typed:

apt-get install libcurl3-gnutls liblua5.1-0 libxml2
apt-get install libapache2-mod-security2
apt-get install modsecuriy-crs
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo nano /etc/modsecurity/modsecurity.conf

I have turned on the option SecRuleEngine

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git

Now... my questions are:

1) Where I have to put the rules
2) Which other config files I have to edit
3) How I enable modsecurity on my website
4) Do you have sample config file to share?

Thanks a lot for your help.

Anders. LA.

Reply to: