Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] How to configure ModSecurity on CentOS 8?
|
From: Ervin H. <ai...@gm...> - 2021-03-01 09:26:13
|
hi Jason, On Sat, Feb 27, 2021 at 09:52:58AM +0000, Jason Long wrote: > Hi Ervin,Thank you so much for your help.My problem was that I forgot to install "mod_security_crs" package. After it, I have a "modsecurity.d" directory in the "/etc/httpd" directory.I changed "SecRuleEngine DetectionOnly" to "SecRuleEngine On" and restarted my Apache. I have some questions: > 1- In the "modsecurity.d" directory, I have below directories: > activated_rules crs-setup.conf local_rules > > Which directory is OK for the OWASP ModSecurity Rules? I assume that crs-setup.conf is a regular file, not a directory. Also I think local_rules contains the whole rule set, activated_rules contains symlinks to rule files to local_rules. You have to decide, what rules you need. crs-setup.conf is a configuration file for CRS - you can set up the CRS variables, eg. paranoia level, and many other things. Please check this file: https://github.com/coreruleset/coreruleset/blob/v3.4/dev/INSTALL > 2- Any header must be enabled in the "httpd.conf" file? Sorry, what do you mean exactly? Which header? I don't know CentOS, but I assume in httpd.conf you have to enable the security module. > 3- I scanned my website with "Sucuri Security", but it can't detect any Website Firewall. Why? I have no idea - may be you should ask Sucuri... (Note, I also checked one of my server, which *RUNS* ModSecurity, and I got same result...) > 4- Why ModSecurity does not allow uploading files to the website? Which log file must be examined? you should check the Apache's error.log, and if the audit.log is enabled that file too. a. |
