We hope you have successfully installed and configured LAMP and ModSecurity on your Ubuntu 10.04 box (if not, see my last post). The next step is to configure ModSecurity with the OWASP CRS (Core Rule Set) rules. It does not make sense to install ModSecurity without configuring the OWASP CRS rules, as this will not protect you against any web attacks.
Here are the simplest workable steps for an Ubuntu 10.04 environment:
1. Download OWASP CRS from https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
2. Extract the contents to a folder named "owasp"
3. Copy the owasp folder to /etc/apache2/rules
4. Rename the file modsecurity_crs_10_setup.conf.example to modsecurity_crs_10_setup.conf
5. Open the /etc/apache2/conf.d/security file and paste the lines below inside <IfModule mod_security2.c>:
Include /etc/apache2/rules/owasp/*.conf
Include /etc/apache2/rules/owasp/base_rules/*.conf
6. Restart apache2
sudo /etc/init.d/apache2 restart
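A check that can be run before the restart in step 6 to confirm steps 2 to 5 took effect. This is an added example, not part of the original post; the function name `check_crs_layout` is hypothetical, and the default paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: sanity-check the CRS layout from steps 2-5.
# Usage: check_crs_layout [RULES_DIR] [SECURITY_FILE]
# e.g.   check_crs_layout && sudo /etc/init.d/apache2 restart

check_crs_layout() {
    rules_dir=${1:-/etc/apache2/rules/owasp}
    security_file=${2:-/etc/apache2/conf.d/security}
    problems=0

    # Step 4: "Include .../*.conf" does not match *.conf.example,
    # so the setup file only loads under its renamed name.
    if [ ! -f "$rules_dir/modsecurity_crs_10_setup.conf" ]; then
        echo "missing $rules_dir/modsecurity_crs_10_setup.conf (rename the .example file)"
        problems=$((problems + 1))
    fi

    # Steps 2-3: base_rules must hold at least one .conf file,
    # otherwise the second Include loads nothing.
    if ! ls "$rules_dir"/base_rules/*.conf >/dev/null 2>&1; then
        echo "no .conf files found in $rules_dir/base_rules"
        problems=$((problems + 1))
    fi

    # Step 5: both Include lines must sit inside <IfModule mod_security2.c>.
    # The patterns are quoted so the shell passes them to awk unexpanded.
    for inc in "$rules_dir/*.conf" "$rules_dir/base_rules/*.conf"; do
        if ! awk -v want="$inc" '
            /^[ \t]*<IfModule[ \t]+mod_security2\.c>/ { inside = 1; next }
            /^[ \t]*<\/IfModule>/                    { inside = 0; next }
            inside && $1 == "Include" && $2 == want  { found = 1 }
            END { exit found ? 0 : 1 }
        ' "$security_file" 2>/dev/null; then
            echo "no 'Include $inc' inside <IfModule mod_security2.c> in $security_file"
            problems=$((problems + 1))
        fi
    done

    # Success only when every check passed.
    [ "$problems" -eq 0 ]
}
```

The function prints one line per problem and returns non-zero if any check fails, so it can gate the restart command.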
Try the attack payloads below. If configured correctly, you should get a 403 Forbidden page:
http://127.0.0.1/test.php?'or+1=1--
http://127.0.0.1/index.html?'or+1=1--
Below are the logs from mod security (/etc/apache2/logs/modsec_audit.log):
Your ModSecurity is now configured with the basic OWASP CRS, which is sufficient to protect you from common web application attacks.
Happy Reading !!!