coderpal

11 months ago

Lecture: Utilizing ModSecurity WAF

When I work with CentOS 7 on the Linux Academy server, I have no problem implementing the ModSecurity rules, and it works right out of the box. However, I am also working with openSUSE Leap 15 on my own computer, and I have encountered a few difficulties when creating the file modsecurity_includes.conf. When running `nginx -t`, I had three errors coming from the following requests:

owasp-modsecurity-crs/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf

owasp-modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf

owasp-modsecurity-crs/rules/REQUEST-914-FILE-DETECTION.conf

As soon as I commented them out, nginx worked fine and I was able to successfully simulate a cross-site scripting attack on blog.example.com, as shown in the lecture.

When temporarily disabling SELinux, I also have the same errors.

My working hypothesis is that there is some code in these files incompatible with the configuration of Leap 15. Indeed, when looking at which distros are compatible with ModSecurity, openSUSE Leap 15 is not one of them.



keiththomps
11 months ago
Good to know. I'm not an openSUSE user so I was completely unaware of this. I just did some digging around and found this. Do those files happen to use the `configure` macro mentioned in that comment on the openSUSE package?
coderpal
11 months ago
I don't think so. I followed your procedure, except for the initialization of ModSecurity, which is relatively different than in CentOS 7. I am right now installing ModSecurity in Fedora 29, and even though it is similar to CentOS, there are differences. For example, when you install the group 'development tools', you also need to install `dnf groupinstall "C Development Tools and Libraries"`.