Re: ModSecurity Debian 8

To: "lannoun@runbox.com" <lannoun@runbox.com>
Cc: debian-security@lists.debian.org
Subject: Re: ModSecurity Debian 8
From: Casper Madsen <maveas@gmail.com>
Date: Tue, 21 Mar 2017 08:16:35 +0100
Message-id: <[🔎] 96F66888-9D66-45B5-BDA2-E0D489FA966E@gmail.com>
In-reply-to: <[🔎] af5b071e-ad9e-2e68-c4c6-2ebc5edf5c07@runbox.com>
References: <[🔎] af5b071e-ad9e-2e68-c4c6-2ebc5edf5c07@runbox.com>

Hi Anders. 

If you are using nginx take a look at naxsi. 

Best regards
Casper

> Den 20. mar. 2017 kl. 19.52 skrev "lannoun@runbox.com" <lannoun@runbox.com>:
> 
> Hi,
> I have spent about 2 days trying to understand how to setup mod-security on my web server.
> 
> I choose to rely on packages in the official repo, so if possible I will not compile packages.
> 
> Is correct to say that I can't have mod-security in nginx?
> Is mod-security only available in apache2?
> 
> Then I'm looking for some instruction about installing. There are a lot of outdated material and is difficult to learn the right stuff.
> 
> 
> Here is what I have typed:
> 
> 
> apt-get install libcurl3-gnutls liblua5.1-0 libxml2
> apt-get install libapache2-mod-security2
> apt-get install modsecuriy-crs
> sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
> sudo nano /etc/modsecurity/modsecurity.conf
> 
> 
> I have turned on the option SecRuleEngine
> 
> git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
> 
> 
> Now... my questions are:
> 
> 1) Where I have to put the rules
> 2) Which other config files I have to edit
> 3) How I enable modsecurity on my website
> 4) Do you have sample config file to share?
> 
> 
> Thanks a lot for your help.
> 
> Anders. LA.
>

Reply to:

References:
- ModSecurity Debian 8
  - From: "lannoun@runbox.com" <lannoun@runbox.com>

Prev by Date: Re: ModSecurity Debian 8
Next by Date: Re: ModSecurity Debian 8
Previous by thread: Re: ModSecurity Debian 8
Next by thread: Re: [SECURITY] [DSA 3817-1] jbig2dec security update
Index(es):
- Date
- Thread