WAF Proxy with ModSecurity and Apache
When you need to protect an application against XSS and other nasty attacks, but you can't modify the source code, ModSecurity can save the day.
1. Install Apache
2. Install ModSecurity
3. Set up Apache as a proxy with the following configuration
# Required for proxying to an https:// backend (mod_ssl)
SSLProxyEngine On
<Location />
    ProxyPass https://www.test.com/
    ProxyPassReverse https://www.test.com/
    # Whitelist any rules here
    #SecRuleRemoveById 999999
</Location>
4. Turn on the rule engine in /etc/modsecurity/modsecurity.conf
SecRuleEngine On
#SecRuleEngine DetectionOnly
5. Turn on CRS blocking in /etc/modsecurity/crs/crs-setup.conf
SecDefaultAction "phase:1,log,auditlog,deny"
SecDefaultAction "phase:2,log,auditlog,deny"
#SecDefaultAction "phase:1,log,auditlog,pass"
#SecDefaultAction "phase:2,log,auditlog,pass"
6. Watch /var/log/apache2/modsec_audit.log for false positives and tweak rules accordingly
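One way to do the review in step 6, as an added example that is not part of the original post: this Python script parses a serial-format ModSecurity audit log and counts triggered rule IDs per request path. The log entries are constructed sample data, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in ModSecurity serial audit-log format (not real traffic).
TXN = '''--{b}-A--
[12/Mar/2024:10:01:02 +0000] ZfA1example 198.51.100.7 40112 10.0.0.5 443
--{b}-B--
{req} HTTP/1.1
--{b}-H--
Message: Access denied with code 403 (phase 2). [id "{rid}"] [severity "CRITICAL"]
--{b}-Z--
'''
SAMPLE_LOG = "".join(TXN.format(b=b, req=r, rid=i) for b, r, i in [
    ("4f1c2a00", "POST /blog/edit?id=7", "941100"),
    ("4f1c2a01", "POST /blog/edit?id=9", "941100"),
    ("4f1c2a02", "GET /search?q=a%27b", "942100")])

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")  # e.g. --4f1c2a00-H--
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_transactions(text):
    """Yield (request_line, [rule ids]) for each complete A..Z transaction."""
    section, request_line, ids = None, None, []
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":      # audit header: a new transaction starts
                request_line, ids = None, []
            elif section == "Z":    # end marker: transaction is complete
                yield request_line, ids
            continue
        if section == "B" and request_line is None and line:
            request_line = line     # first line of the request headers
        elif section == "H" and line.startswith("Message:"):
            ids.extend(RULE_ID.findall(line))

def tally(text):
    """Count hits per (rule id, request path) to spot false-positive candidates."""
    counts = Counter()
    for request_line, ids in parse_transactions(text):
        parts = (request_line or "").split()
        path = parts[1].split("?", 1)[0] if len(parts) >= 2 else "<unknown>"
        counts.update((rule_id, path) for rule_id in ids)
    return counts

if __name__ == "__main__":
    for (rule_id, path), n in tally(SAMPLE_LOG).most_common():
        print(f"{n:4d}  rule {rule_id}  {path}")
```

Rule and path pairs that keep recurring on legitimate traffic are the candidates for a SecRuleRemoveById line inside the Location block from step 3.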