Re: ModSecurity Debian 8
Mod-security,
[opinioned]
"Blocks certain words that are normal. Decision to depend on it depends on what your Apache server serves. I run a forum that sometimes has over ten spambots at once. Running without that piece of art"
However, few, but not so few, 'no likey-likey' Mod security, and I regret remembering their bias.
Sorry, I can't tell much more than that. Responses to this post I deem 'friendly' [my post that is, not so friendly responses, I have a thick skin], might trigger my mind. [or won't]
[/opinioned]
--
Richard W.
The Netherlands
Krzysztof Kokot wrote on Mon 20-03-2017 at 23:03 [+0100]:
Hi,
I can't help you a lot, in fact the only thing I can do is recommend you this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu. It works for me.
Cheers,
Krzysztof Kokot
20 Mar 2017 19:53 "lannoun@runbox.com" <lannoun@runbox.com> wrote:
Hi,
I have spent about 2 days trying to understand how to set up mod-security on my web server.
I choose to rely on packages in the official repo, so if possible I will not compile packages.
Is it correct to say that I can't have mod-security in nginx?
Is mod-security only available in apache2?
Then I'm looking for some instructions about installing. There is a lot of outdated material and it is difficult to learn the right stuff.
Here is what I have typed:
apt-get install libcurl3-gnutls liblua5.1-0 libxml2
apt-get install libapache2-mod-security2
apt-get install modsecurity-crs
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo nano /etc/modsecurity/modsecurity.conf
I have turned on the option SecRuleEngine
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Now... my questions are:
1) Where do I have to put the rules?
2) Which other config files do I have to edit?
3) How do I enable modsecurity on my website?
4) Do you have a sample config file to share?
Thanks a lot for your help.
Anders. LA.