Getting Started With ModSecurity
May 19, 2009, 04:32 (0 Talkback[s])
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
[ Thanks to Andrew
Weber for this link. ]
"Tip #1: Develop A Basic Understanding of ModSecurity
Go to the modsecurity.org website, download and read the
documentation. Once that is done you need to know how to find a
"1. Locate a Policy
The rules will be located in the directory you create, probably
named modsecurity, and in that directory will be a list of rules.
These Core Rules provide generic protection from many unknown
vulnerabilities. You will not want to modify the Core Rules, except
to turn them on, as when you update you will erase your settings.
There are two files that have been created to create custom rules.
The first is the modsecurity_crs_15_customrules.conf which lists
rules that have been tested for your site and are working
effectively. The second is a bailout ruleset, in other words, if
you cannot get something to work you can place it in the
modsecurity_crs_65_temporary.conf until you can get it fixed. For
example, if you need to run ModSecurity but cannot get a specific
rule to work you can disable it in this file until you can get it
"You can see that the file represent different kinds of rules.
The 10_config provides the basic configuration and this is the file
that you will use to turn on ModSecurity rules. The collection of
rules provide protection for your web server, detects and protects
against bots, crawlers,scanners, it detects and protects against
trojans and limits error messages that will provide too much
information to attackers."