Tuesday, January 15, 2013

Mod security sample configuration

on CentOS
sudo yum install mod_security


follow instruction here:
https://github.com/SpiderLabs/owasp-modsecurity-crs

copy modsecurity_crs_10_setup.conf.example and name as modsecurity_crs_10_setup.conf

add this to modsecurity_crs_10_setup.conf on top:
SecRuleEngine On


after install, edit
/etc/httpd/conf/conf.d/00.modsecurity.conf
add :
Include 
[path-to-crs]/modsecurity_crs_10_setup.conf
[path-to-crs]/base_rules/*.conf


No comments: