How to implement ModSecurity with the OWASP CRS?

From PheonixSolutions

Step 1:

Login to the server

Step 2:

Download the latest OWASP CRS from GitHub and extract the rules into /usr/local or another location of your choice.

 wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.0.2.tar.gz
 tar -xzvf v3.0.2.tar.gz
 sudo mv owasp-modsecurity-crs-3.0.2 /usr/local

Step 3:

Create the crs-setup.conf file as a copy of crs-setup.conf.example.

 cd /usr/local/owasp-modsecurity-crs-3.0.2
 sudo cp crs-setup.conf.example crs-setup.conf

Step 4:

Create the folder /etc/nginx/modsec for storing the NGINX ModSecurity WAF configuration files.

 sudo mkdir /etc/nginx/modsec

Step 5: Download the file of recommended ModSecurity configuration from the v3/master branch of the ModSecurity GitHub repo and name it modsecurity.conf:

 cd /etc/nginx/modsec
 sudo wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v3/master/modsecurity.conf-recommended
 sudo mv modsecurity.conf-recommended modsecurity.conf

Step 6: Enable execution of rules by commenting out the existing SecRuleEngine directive in modsecurity.conf and adding the indicated directive. We will define the sample rule in the next step.

 #SecRuleEngine DetectionOnly
 SecRuleEngine On

Step 7:

Create the main NGINX ModSecurity WAF configuration file, /etc/nginx/modsec/main.conf, and define a rule in it:

 # Include the recommended configuration
 Include /etc/nginx/modsec/modsecurity.conf
 # A test rule
 SecRule ARGS:testparam "@contains test" "id:1234,deny,log,status:403"

Step 8:

Reload the NGINX Plus configuration:

 sudo nginx -s reload

Step 9:

Verify that the rule configured in Step 7 works by making a request whose testparam query-string parameter contains the string test; ModSecurity should reject it with a 403 status.

 curl -D - http://localhost/foo?testparam=thisisatestofmodsecurity
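The main.conf in Step 7 loads the engine settings and the test rule, but never includes the CRS downloaded in Steps 2 and 3. The following is an added example (not part of the original page) of a main.conf that wires the CRS in as well; it assumes the CRS was unpacked to /usr/local as in Step 2 and that nginx references this file with the connector directives `modsecurity on;` and `modsecurity_rules_file /etc/nginx/modsec/main.conf;`.

```apacheconf
# /etc/nginx/modsec/main.conf (added example extending the file from Step 7)
# Assumes CRS 3.0.2 lives in /usr/local/owasp-modsecurity-crs-3.0.2 and that the
# nginx server block contains:
#   modsecurity on;
#   modsecurity_rules_file /etc/nginx/modsec/main.conf;

# 1. Engine settings: the recommended file from Step 5, with SecRuleEngine On
#    (Step 6). Without "On" every rule below only logs and nothing is denied.
Include /etc/nginx/modsec/modsecurity.conf

# 2. CRS settings from the copy made in Step 3 (paranoia level, anomaly
#    thresholds). CRS blocking is anomaly based: rules add to a request score
#    and the request is denied once the inbound threshold set here is reached
#    (5 by default); the file must be loaded before the rules that use it.
Include /usr/local/owasp-modsecurity-crs-3.0.2/crs-setup.conf

# 3. The rule set itself. The glob loads files in name order, which is why
#    CRS files are numbered: REQUEST-9xx before RESPONSE-9xx, and the
#    REQUEST-900/RESPONSE-999 exclusion files (kept as *.example until
#    renamed) land before and after the rules respectively.
Include /usr/local/owasp-modsecurity-crs-3.0.2/rules/*.conf

# 4. The page's own test rule from Step 7. Its id (1234) is outside the CRS
#    range (900000-999999), so it cannot collide with a CRS rule id.
SecRule ARGS:testparam "@contains test" "id:1234,deny,log,status:403"
```

After `sudo nginx -t && sudo nginx -s reload`, the Step 9 request should still return 403 from rule 1234, and a request without the string test in testparam should pass through, confirming the CRS produced no false positive for that benign input.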