Re: ModSecurity Debian 8
Hi Anders.
If you are using nginx take a look at naxsi.
Best regards
Casper
> Den 20. mar. 2017 kl. 19.52 skrev "lannoun@runbox.com" <lannoun@runbox.com>:
>
> Hi,
> I have spent about 2 days trying to understand how to setup mod-security on my web server.
>
> I choose to rely on packages in the official repo, so if possible I will not compile packages.
>
> Is correct to say that I can't have mod-security in nginx?
> Is mod-security only available in apache2?
>
> Then I'm looking for some instruction about installing. There are a lot of outdated material and is difficult to learn the right stuff.
>
>
> Here is what I have typed:
>
>
> apt-get install libcurl3-gnutls liblua5.1-0 libxml2
> apt-get install libapache2-mod-security2
> apt-get install modsecuriy-crs
> sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
> sudo nano /etc/modsecurity/modsecurity.conf
>
>
> I have turned on the option SecRuleEngine
>
> git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
>
>
> Now... my questions are:
>
> 1) Where I have to put the rules
> 2) Which other config files I have to edit
> 3) How I enable modsecurity on my website
> 4) Do you have sample config file to share?
>
>
> Thanks a lot for your help.
>
> Anders. LA.
>
Reply to: