Thread: [mod-security-users] Deployment Options
From: Parrish, K. <Kyl...@Th...> - 2018-12-14 15:14:18
|
Good morning all,

Seeking advice on deploying a Web Application Firewall.

I'm pretty familiar with WAFs and what they will do but stuck on an ideal deployment structure.

Let's say there are 20 websites sitting behind a reverse proxy.
My idea would be to have:

1. Request hits proxy
2. Checks to see if it has been WAF'ed or not
3. Sends to WAF
4. If approved goes back to be proxied to correct backend

Now, would it be okay to have 20 sites sent through a single WAF or should each site be configured for its own?

I am looking to use OWASP ModSecurity for the WAF ruleset but not familiar with its scalability yet.

Hoping someone else has already gone down this path and could shed some light on it.

B. Kyle Parrish
|
From: Christian F. <chr...@ne...> - 2018-12-14 15:24:35
|
Good evening to you, Kyle,

ModSecurity is usually sitting inline on the proxy. But it's perfectly OK to have the proxy serve several if not hundreds of backends. The problem is much more a problem of overall throughput (expect ModSec to eat 10% of throughput for an average internet site, but your mileage may vary greatly) and in some cases a RAM problem with rule set duplication in memory.

Generally: ModSec should not have any problem serving your scenario (if you change it to "the proxy is the WAF")

Cheers,

Christian
|
From: Parrish, K. <Kyl...@Th...> - 2018-12-14 15:34:32
|
Thank you for your prompt response.

We currently have HAProxy serving our sites as a reverse proxy which doesn't natively support modsecurity.

What would you recommend in this scenario?
|
From: Eero V. <eer...@ik...> - 2018-12-14 15:35:41
|
How about Nginx with WAF as proxy?

Eero
|
From: Christian F. <chr...@ne...> - 2018-12-14 15:40:47
|
Oh, I see. Makes sense.

Then your best option is

  Net -> HAProxy -> Apache(s) + ModSec 2.9.x -> Backend Application

It's a proven and stable setup. Alternatively

  Net -> HAProxy -> NGINX(s) + ModSec 3.0.x -> Backend Application

but I think it still has too many rough edges for my taste. And the performance is not yet on-par with the traditional Apache setup. (But that's a wild field and not everybody agrees with me.)

Either way, you may find my tutorials for Apache + ModSec and NGINX + ModSec on netnea.com helpful.

Ahoj,

Christian
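A sketch of the Apache tier in the "Net -> HAProxy -> Apache(s) + ModSec 2.9.x -> Backend Application" layout recommended above, added here as an illustration and not taken from the thread or from any poster's configuration. Every hostname, address, port and file path is a placeholder; it assumes mod_security2, mod_unique_id, mod_remoteip, mod_proxy and mod_proxy_http are already loaded and that HAProxy adds X-Forwarded-For (`option forwardfor`).

```apache
# WAF tier: one Apache instance inspecting traffic for several sites.
# All addresses, names and paths are placeholders for illustration.

Listen 10.0.0.20:8080

# The TCP peer is always HAProxy, so take the client address from the
# header HAProxy sets. Trust that header only from the HAProxy address;
# otherwise any client could forge its source IP in logs and rules.
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 10.0.0.10

# Rule set loaded once in the main server context; ModSecurity 2.x
# virtual hosts inherit it, so it is not included again per site.
<IfModule security2_module>
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log
    Include /etc/modsecurity/crs/crs-setup.conf
    Include /etc/modsecurity/crs/rules/*.conf
</IfModule>

# This tier is a reverse proxy only, never a forward proxy.
ProxyRequests Off

# Site 1: enforced with the shared rule set as-is.
<VirtualHost 10.0.0.20:8080>
    ServerName site1.example.com
    ProxyPreserveHost On
    ProxyPass        / http://10.0.1.11:8080/
    ProxyPassReverse / http://10.0.1.11:8080/
</VirtualHost>

# Site 2: still being tuned, so it logs without blocking and drops one
# rule that produces false positives for this application.
<VirtualHost 10.0.0.20:8080>
    ServerName site2.example.com
    SecRuleEngine DetectionOnly
    # 999999 is a placeholder rule id, not a real CRS rule.
    SecRuleRemoveById 999999
    ProxyPreserveHost On
    ProxyPass        / http://10.0.1.12:8080/
    ProxyPassReverse / http://10.0.1.12:8080/
</VirtualHost>
```

For the inspection to mean anything, the backends should accept connections only from the WAF tier, so that a request cannot reach an application without passing through ModSecurity.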
|
From: Manuel S. <spa...@gm...> - 2018-12-14 16:23:02
|
+1 to Net -> HAProxy -> Apache(s) + ModSec 2.9.x -> Backend Application
|
From: Eero V. <eer...@ik...> - 2018-12-14 15:50:50
|
or.. Haproxy enterprise that supports modsecurity waf internally. (this costs something like 1700€/haproxy/year)

Eero
|
From: Christian F. <chr...@ne...> - 2018-12-15 09:16:24
|
Thanks Eero. Never came across this. Do you have contact?
|
From: Eero V. <eer...@ik...> - 2018-12-15 09:27:43
|
https://www.haproxy.com/products/haproxy-enterprise-edition/ and I asked trial from: Selma Nametak <sna...@ha...>

They say that it is compatible with modsecurity.

"Yes you can use the ModSecurity CRS rules.

Our WAF supports 3 modes:

1) SQL Injection/XSS protection only
2) ModSecurity Ruleset
3) Whitelist only"

We are currently testing the product.

Eero
|
From: Christian F. <chr...@ne...> - 2018-12-15 10:00:03
|
Thank you Eero. Sounds cool.

It would be nice if you could share your test results. Off-list if that is a concern.

Best,

Christian
|
From: Osama E. <oel...@gm...> - 2018-12-15 10:07:33
|
There is an open source patch to add this support to HAProxy as well - https://github.com/git001/haproxy-waf

I haven't tried it myself but it was released in 2017 so it looks promising.
|
From: Eero V. <eer...@ik...> - 2018-12-15 10:25:54
|
Well. Not much modsecurity related stuff in that repo?

./LICENSE
./Dockerfile
./README.md
./.gitignore
./containerfiles/container-entrypoint.sh
./containerfiles/usr/local/etc/haproxy/haproxy.conf.template
./containerfiles/fix_get0privatekey_compat.diff
./.git/config
./.git/objects/pack/pack-b4c83d259e65bcc25c460c8db7a504c321849558.idx
./.git/objects/pack/pack-b4c83d259e65bcc25c460c8db7a504c321849558.pack
./.git/HEAD
./.git/info/exclude
./.git/logs/HEAD
./.git/logs/refs/heads/master
./.git/logs/refs/remotes/origin/HEAD
./.git/description
./.git/hooks/commit-msg.sample
./.git/hooks/pre-rebase.sample
./.git/hooks/pre-commit.sample
./.git/hooks/applypatch-msg.sample
./.git/hooks/fsmonitor-watchman.sample
./.git/hooks/pre-receive.sample
./.git/hooks/prepare-commit-msg.sample
./.git/hooks/post-update.sample
./.git/hooks/pre-applypatch.sample
./.git/hooks/pre-push.sample
./.git/hooks/update.sample
./.git/refs/heads/master
./.git/refs/remotes/origin/HEAD
./.git/index
./.git/packed-refs
./.travis.yml

..

Eero
|
From: Eero V. <eer...@ik...> - 2018-12-15 11:52:01
|
Anyway, looks like there is some support for modsecurity 2.9.x in haproxy git?

/Users/eero/haproxy/haproxy/contrib/modsecurity

Support is provided using spoa? Not familiar with what it means, but some information in readme file:

"ModSecurity for HAProxy
-----------------------

This is a third party deamon which speaks SPOE. It gives requests send by HAProxy to ModSecurity and returns the verdict."

Eero
|
From: Eero V. <eer...@ik...> - 2018-12-15 20:33:40
|
Anyway, looking at HAProxy git source there is support for modsecurity 2.9.x via spoa protocol? It is something like modsecurity standalone binary.

Eero
|
From: Parrish, K. <Kyl...@Th...> - 2018-12-17 13:16:50
|
I have seen references to that feature using SPOA but have yet to find instructions on how to configure it.

Has anyone attempted setting this up?

B. Kyle Parrish
Cyber Security Engineer | The Villages® Technology Solutions Group
Direct: 352.674.1508 | Support: 352.674.1530
|
From: Eero V. <eer...@ik...> - 2018-12-17 15:09:01
|
Well, there are instructions in this repo: https://github.com/git001/haproxy-waf

You just need to rip off settings from docker file

Eero
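For the SPOA setup asked about in this thread, HAProxy hands each request to the standalone ModSecurity agent through an SPOE filter and reads the verdict back from a transaction variable. The sketch below is an added example, not taken from the thread or from the linked repository; directive names follow HAProxy's SPOE documentation, while the file path, section names, addresses and the fail-closed rule are assumptions for illustration.

```haproxy
# ---- /etc/haproxy/spoe-modsecurity.conf (path is an assumption) ----
[modsecurity]
spoe-agent modsecurity-agent
    messages    check-request
    option      var-prefix modsec        # verdict lands in txn.modsec.code
    option      set-on-error err         # agent failure sets txn.modsec.err
    timeout     hello      100ms
    timeout     idle       30s
    timeout     processing 15ms          # no verdict if the agent is slower
    use-backend spoe-modsecurity

spoe-message check-request
    args unique-id method path query req.ver req.hdrs_bin req.body_size req.body
    event on-frontend-http-request

# ---- haproxy.cfg (frontend/backend names and addresses are assumptions) ----
frontend fe_sites
    mode http
    bind :80
    option http-buffer-request           # wait for the body so req.body can be sent
    unique-id-format %{+X}o\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid
    filter spoe engine modsecurity config /etc/haproxy/spoe-modsecurity.conf

    # txn.modsec.code is 0 for a clean request; a positive value is the
    # HTTP status ModSecurity decided on.
    http-request deny if { var(txn.modsec.code) -m int gt 0 }

    # Without this rule a timeout or a dead agent leaves the variable unset
    # and the request passes unchecked (fail-open).
    http-request deny if { var(txn.modsec.err) -m found }

    default_backend be_sites

# SPOP connection to the standalone ModSecurity agent
backend spoe-modsecurity
    mode tcp
    balance roundrobin
    timeout connect 5s
    timeout server  3m
    server modsec-spoa1 127.0.0.1:12345  # agent address is an assumption

backend be_sites
    mode http
    server app1 192.0.2.10:8080          # placeholder application server
```

The second deny rule trades availability for coverage: with it, an agent outage blocks traffic; without it, traffic bypasses the WAF silently, so pick one deliberately and alert on the error variable either way.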