Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
|
From: Jason L. <hac...@ya...> - 2021-02-27 09:53:12
|
Hi Ervin,Thank you so much for your help.My problem was that I forgot to install "mod_security_crs" package. After it, I have a "modsecurity.d" directory in the "/etc/httpd" directory.I changed "SecRuleEngine DetectionOnly" to "SecRuleEngine On" and restarted my Apache. I have some questions:
1- In the "modsecurity.d" directory, I have below directories:
activated_rules crs-setup.conf local_rules
Which directory is OK for the OWASP ModSecurity Rules?
2- Any header must be enabled in the "httpd.conf" file?3- I scanned my website with "Sucuri Security", but it can't detect any Website Firewall. Why?4- Why ModSecurity does not allow uploading files to the website? Which log file must be examined?
Thank you.
On Friday, February 19, 2021, 10:41:36 AM GMT+3:30, Ervin Hegedüs <ai...@gm...> wrote:
Hi Jason,
On Fri, Feb 19, 2021 at 06:10:16AM +0000, Jason Long via mod-security-users wrote:
> Hello,I'm using CentOS 8 x86_64 and I want to configure ModSecurity for Apache. I looked at "https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache" tutorial, but I can't find any "/etc/modsecurity" directory!!!I used below find command to find that directory:
> # find / -name modsecurity -print
> But no result.
> Is "/etc/modsecurity" directory replaced by "/etc/httpd/conf.d/mod_security.conf" and "/etc/httpd/conf.modules.d/10-mod_security.conf" ?
I think you should install modsecurity-crs package:
https://git.centos.org/rpms/mod_security_crs/tree/c8
or donwload the latest stable version:
https://github.com/coreruleset/coreruleset/releases/tag/v3.3.0
Note, in this case the "/etc/modsecurity" directory not needed,
you can make your structure as you want.
Hope this helps,
a.
|
