I am a new user (as in new to webadmin, mod_security and Apache), I’ve just installed mod_security (v. 2.5.12) on my Amazon Web Services EC2 instance and I am in need of guidance. I am slowly learning this stuff, so I beg your patience…
Right now I have things set up as described/prescribed in the ModSecurity Handbook; Im calling liblua and libxml2 in httpd.conf and loading the mod_security module there too. Then I’ve got the modsecurity.conf where the directory locations are laid out and some other options – all according to the Handbook.
When it comes to calling the rules (in their .conf files) what hierarchy is best? Does mod_security call everything (conf. files & rules themselves) in the order they are written/listed? If so, when is a good time to call a whitelist? First? Last?
I take it the SecRuleEngine call should be first in the modsecurity.conf file or does that go in the httpd.conf file?
Last but not least (for now) I’m going to be using the core rules (v.2.2.4). I see .data files in some of the directories… where do they go? Do I upload them to my server in the same directory as the .conf files themselves? Or do they go into a “data” directory? If they go into a separate directory, how do I reference them? (Or do I not have to, is that something the module checks on its own?
I am sorry for all the questions, but I do not want to screw anything up here. I’d rather be safe and thorough than sorry winging it.
Thanks for any and all assistance – I really appreciate it.