When you need to protect an application against XSS and other nasty attacks, but you can’t modify the source code, ModSecurity can save the day.
1. Install Apache.
2. Install ModSecurity (together with the OWASP Core Rule Set, which steps 5 and 6 assume is under /etc/modsecurity/crs).
3. Set up Apache as a reverse proxy in front of the application with the following configuration (replace `https://www.test.com/` with the backend you are protecting):

```apache
<Location />
    ProxyPass        https://www.test.com/
    ProxyPassReverse https://www.test.com/
    # Whitelist any rules that produce false positives here, e.g.:
    #SecRuleRemoveById 999999
</Location>
```

Proxying to an `https://` backend also needs mod_proxy_http loaded and `SSLProxyEngine On` in the same virtual host.

4. Turn the rule engine on in /etc/modsecurity/modsecurity.conf:

```apache
SecRuleEngine On
#SecRuleEngine DetectionOnly
```

`DetectionOnly` logs matches without blocking anything, so it is the safer setting for the first run while you collect false positives; switch to `On` once the rule set is tuned.

5. Turn on CRS blocking in /etc/modsecurity/crs/crs-setup.conf:

```apache
SecDefaultAction "phase:1,log,auditlog,deny"
SecDefaultAction "phase:2,log,auditlog,deny"
#SecDefaultAction "phase:1,log,auditlog,pass"
#SecDefaultAction "phase:2,log,auditlog,pass"
```

With `deny`, every matching rule blocks the request on its own (CRS's self-contained mode); the commented `pass` lines are CRS 3's default anomaly-scoring mode, where each match only adds to a score and the blocking decision is made against a threshold at the end of the phase.

6. Watch /var/log/apache2/modsec_audit.log for false positives and tweak the rules accordingly. Each logged match carries the `id` of the rule that fired; that is the value to use with `SecRuleRemoveById` in the proxy configuration above. Where a rule only misfires on one parameter, prefer excluding that target with `SecRuleUpdateTargetById` over removing the rule outright.
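To make the false-positive review in step 6 less manual, here is an added example (not code from the original post) that parses the serial audit-log format and counts which CRS rule ids fire on which request paths, so you can see what to exclude in step 3. The log content is a constructed sample, not real traffic; the boundary ids and request paths are invented.

```python
import re
from collections import Counter

# Constructed sample of two transactions in ModSecurity's serial audit-log
# format (not real traffic): section B is the request, H the rule messages.
SAMPLE_LOG = """\
--a1b2c3d4-B--
GET /search?q=test HTTP/1.1
Host: www.test.com
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:q. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
--a1b2c3d4-Z--

--e5f6a7b8-B--
POST /comments HTTP/1.1
Host: www.test.com
--e5f6a7b8-H--
Message: Warning. Pattern match "..." at ARGS:body. [file "REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "61"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"]
Message: Warning. Pattern match "..." at ARGS:body. [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "12"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "CRITICAL"]
--e5f6a7b8-Z--
"""

SECTION_RE = re.compile(r"^--([0-9a-f]+)-([A-Z])--$", re.M)
MSG_RE = re.compile(r'^Message: .*?\[id "(\d+)"\].*?\[msg "([^"]*)"\]', re.M)


def parse_audit_log(text):
    """Return (rule_id, msg, method, path) for every rule message in the log."""
    # re.split with two groups yields [prefix, boundary, letter, body, ...].
    parts = SECTION_RE.split(text)
    transactions = {}
    for i in range(1, len(parts), 3):
        boundary, letter, body = parts[i], parts[i + 1], parts[i + 2]
        transactions.setdefault(boundary, {})[letter] = body.strip()
    hits = []
    for sections in transactions.values():
        request_line = sections.get("B", "").splitlines()[:1]
        tokens = (request_line[0].split() if request_line else []) + ["-", "-"]
        method, path = tokens[0], tokens[1].split("?")[0]  # drop the query string
        for rule_id, msg in MSG_RE.findall(sections.get("H", "")):
            hits.append((rule_id, msg, method, path))
    return hits


def summarize(hits):
    """Count hits per (rule id, message, "METHOD /path") to spot recurring paths."""
    return Counter((rid, msg, f"{m} {p}") for rid, msg, m, p in hits)


if __name__ == "__main__":
    for (rid, msg, where), n in summarize(parse_audit_log(SAMPLE_LOG)).most_common():
        print(f"{n:4d}  id={rid}  {where}  {msg}")
```

Run it against the real file by replacing `SAMPLE_LOG` with the contents of /var/log/apache2/modsec_audit.log; a rule that keeps firing on one path in legitimate traffic is a candidate for a targeted exclusion rather than a global `SecRuleRemoveById`.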