Configuring ModSecurity with OWASP CRS – Part II

December 9, 2013
Pentests

We hope you have successfully installed and configured LAMP and ModSecurity on your Ubuntu 10.04 box (if not, see my last post). The next step is to configure ModSecurity with the OWASP CRS (Core Rule Set) rules. It does not make sense to install ModSecurity without configuring the OWASP CRS rules, as ModSecurity without rules will not protect you against any web attacks.

Here are the simplest workable steps for an Ubuntu 10.04 environment:

1. Download OWASP CRS from https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

2. Extract the contents to folder named "owasp"

3. Copy the owasp folder to /etc/apache2/rules

4. Rename the file modsecurity_crs_10_setup.conf.example to modsecurity_crs_10_setup.conf

5. Open the /etc/apache2/conf.d/security file and paste the lines below inside <IfModule mod_security2.c>:

                Include /etc/apache2/rules/owasp/*.conf
                Include /etc/apache2/rules/owasp/base_rules/*.conf

6. Restart apache2

                sudo /etc/init.d/apache2 restart
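
A check for steps 3 to 5, added here as an example and not part of the original post: it confirms that the renamed setup file exists, that base_rules holds rule files, and that both Include lines sit inside the IfModule block with the setup include first. The function names crs_includes, crs_pos and crs_check are hypothetical; the paths are the ones used in the steps above.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: crs_check /etc/apache2/conf.d/security /etc/apache2/rules/owasp

# Print, in order, the Include targets inside <IfModule mod_security2.c>.
crs_includes() {
    awk '
        /^[ \t]*<IfModule[ \t]+mod_security2\.c>/ { inside = 1; next }
        /^[ \t]*<\/IfModule>/                     { inside = 0 }
        inside && $1 == "Include"                 { print $2 }
    ' "$1"
}

# Line position of Include target $2 within the list $1 (empty if absent).
crs_pos() {
    printf '%s\n' "$1" | awk -v t="$2" '$0 == t { print NR; exit }'
}

# Return 0 only if the layout from steps 3-5 is in place.
crs_check() {
    conf=$1; rules=$2; rc=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }
    # Step 4: without the rename, owasp/*.conf never loads the setup file.
    [ -f "$rules/modsecurity_crs_10_setup.conf" ] ||
        { echo "missing: $rules/modsecurity_crs_10_setup.conf"; rc=1; }
    # Step 3: base_rules must contain rule files for the second Include.
    ls "$rules"/base_rules/*.conf >/dev/null 2>&1 ||
        { echo "no .conf files in $rules/base_rules"; rc=1; }
    # Step 5: both Include lines inside the IfModule block.
    incs=$(crs_includes "$conf")
    setup=$(crs_pos "$incs" "$rules/*.conf")
    base=$(crs_pos "$incs" "$rules/base_rules/*.conf")
    [ -n "$setup" ] || { echo "no Include $rules/*.conf in IfModule"; rc=1; }
    [ -n "$base" ] || { echo "no Include $rules/base_rules/*.conf in IfModule"; rc=1; }
    # The setup file sets variables the base rules read, so it must come first.
    if [ -n "$setup" ] && [ -n "$base" ] && [ "$setup" -gt "$base" ]; then
        echo "setup Include comes after base_rules Include"; rc=1
    fi
    return $rc
}
```

Running crs_check before the restart in step 6 catches a missed rename or an Include pasted outside the IfModule block, either of which leaves Apache running without the rules loaded.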

Try attack payloads:

If configured correctly, you should get a 403 Forbidden page:

http://127.0.0.1/test.php?'or+1=1--

http://127.0.0.1/index.html?'or+1=1--

Below are the logs from ModSecurity (/etc/apache2/logs/modsec_audit.log):

Your ModSecurity is now configured with the basic OWASP CRS, which is sufficient to protect you from common web application attacks.

Happy Reading !!!
