[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ModSecurity Debian 8

On Mon, Mar 20, 2017 at 07:52:56PM +0100, lannoun@runbox.com wrote:
> Hi,
> I have spent about 2 days trying to understand how to setup mod-security on
> my web server.
>  I choose to rely on packages in the official repo, so if possible I will
> not compile packages.
> Is correct to say that I can't have mod-security in nginx?
> Is mod-security only available in apache2?
> Then I'm looking for some instruction about installing. There are a lot of
> outdated material and is difficult to learn the right stuff.
> Here is what I have typed:
> apt-get install libcurl3-gnutls liblua5.1-0 libxml2
> apt-get install libapache2-mod-security2
> apt-get install modsecuriy-crs
> sudo mv /etc/modsecurity/modsecurity.conf-recommended
> /etc/modsecurity/modsecurity.conf
> sudo nano /etc/modsecurity/modsecurity.conf
> I have turned on the option SecRuleEngine
> git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
> Now... my questions are:
> 1) Where I have to put the rules
> 2) Which other config files I have to edit
> 3) How I enable modsecurity on my website
> 4) Do you have sample config file to share?

Hi there,

Debian's modsecurity packages will only work with Apache. In order to
get modsecurity to work with nginx you'll have to re-compile nginx and
modsecurity. This may help you:



Alberto Gonzalez Iniesta    | Formación, consultoría y soporte técnico
mailto/sip: agi@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D  4BF2 009B 3375 6B9A AA55

Reply to: