View | Details | Raw Unified | Return to bug 250470

(-)files/280_mod_security.conf.sample.in (-6 / +13 lines)
Lines 8-25 Link Here
8
8
9
##
9
##
10
## To enable ModSecurity in Apache, enable the modules
10
## To enable ModSecurity in Apache, enable the modules
11
##  mod_unique_id (in httpd.conf) and
11
##  mod_unique_id
12
##  mod_security2 in this config file
12
##  mod_security2
13
## e.g. by uncommenting the LoadModule lines of this config file.
13
##
14
##
14
## Additionally, load configuration and rules with an Include line from
15
## Additionally, load configuration and rules with an Include line from
15
##  %%ETCDIR%%/*.conf
16
##  %%ETCDIR%%/*.conf
17
## e.g. by uncommenting the following Inlude line.
16
##
18
##
17
## Most users will use the signatures from the OWASP Core Rule Set (CRS).
18
## For configuration instructions, see %%DOCSDIR%%/README.
19
##
20
19
21
## apache modules for mod_security
20
## Apache modules and Include line for mod_security
22
#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so
21
#LoadModule unique_id_module %%APACHEMODDIR%%/mod_unique_id.so
23
#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
22
#LoadModule security2_module %%APACHEMODDIR%%/mod_security2.so
24
#Include %%ETCDIR%%/*.conf
23
#Include %%ETCDIR%%/*.conf
25
24
25
##
26
## Most users will use the signatures from the OWASP Core Rule Set (CRS).
27
## For configuration instructions, see %%DOCSDIR%%/README (second paragraph)
28
## before uncommenting the following Include line.
29
##
30
31
## Include line for signatures from the OWASP Core Rule Set (CRS)
32
#Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf
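Review bot: The added comment line "## e.g. by uncommenting the following Inlude line." misspells "Include". In the same hunk, the new "#Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf" line depends on "#Include %%ETCDIR%%/*.conf" also being uncommented, since the comments describe that line as the one that loads the configuration. The comment block above the CRS line should state that dependency so the rules are not enabled without the base configuration.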
(-)files/README.in (-8 / +15 lines)
Lines 3-14 Link Here
3
3
4
To enable ModSecurity in Apache, follow the instructions in
4
To enable ModSecurity in Apache, follow the instructions in
5
5
6
 %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
6
  %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
7
7
8
ModSecurity has various configuration options.
8
ModSecurity has various configuration options.
9
To change them, edit the following file:
9
To change them, edit the following file:
10
10
11
 %%ETCDIR%%/modsecurity.conf
11
  %%ETCDIR%%/modsecurity.conf
12
12
13
Getting the Core Rule Set
13
Getting the Core Rule Set
14
-------------------------
14
-------------------------
Lines 22-36 Link Here
22
  pkg install git
22
  pkg install git
23
  cd %%ETCDIR%%
23
  cd %%ETCDIR%%
24
  git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
24
  git clone https://github.com/SpiderLabs/owasp-modsecurity-crs
25
  cp owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example \
25
  ln -s owasp-modsecurity-crs/crs-setup.conf.example crs-setup.conf
26
    crs.conf
27
26
28
The CRS has various config options. To change them, edit crs.conf.
27
The CRS has various config options. To change them, edit crs-setup.conf.
29
28
30
To activate the CRS base rules, add the following to your httpd.conf:
29
To activate the CRS base rules, either add the following line to your httpd.conf
31
30
32
  Include etc/modsecurity/owasp-modsecurity-crs/base_rules/*.conf
31
  Include %%ETCDIR%%/owasp-modsecurity-crs/rules/*.conf
33
32
33
or uncomment the same line in:
34
35
  %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
36
34
You can also add custom configuration and CRS exceptions here.
37
You can also add custom configuration and CRS exceptions here.
35
For instance, you might want to disable rules that generate false
38
For instance, you might want to disable rules that generate false
36
positives. Example:
39
positives. Example:
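Review bot: The replacement line "ln -s owasp-modsecurity-crs/crs-setup.conf.example crs-setup.conf" makes the live CRS configuration a file inside the Git checkout, so the instruction "To change them, edit crs-setup.conf" now edits crs-setup.conf.example in the clone, and every later pull touches the active configuration. The removed cp kept local settings separate from upstream. Suggest either keeping a copy, or saying explicitly in this paragraph that edits land in the tracked example file. Minor: "either add the following line to your httpd.conf" should end with a colon, as the removed sentence did.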
Lines 85-89 Link Here
85
do this with Git:
88
do this with Git:
86
89
87
  cd %%ETCDIR%%/owasp-modsecurity-crs
90
  cd %%ETCDIR%%/owasp-modsecurity-crs
88
  git pull
91
  git stash push && git pull && git stash pop
92
93
Resolve conflicts in crs-setup.conf.example, if any. Then execute:
94
95
  git reset && git stash drop
89
  apachectl restart
96
  apachectl restart
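Review bot: "git reset && git stash drop" is only correct when "git stash pop" stopped on a conflict. After a clean pop the stash entry is already gone, so the drop either fails or discards an unrelated older stash, and the text "Resolve conflicts in crs-setup.conf.example, if any. Then execute:" reads as if the command were unconditional. Likewise, when there are no local changes "git stash push" saves nothing and the following "git stash pop" has no entry of its own to restore. Suggest wording the second command as a conflict-only step, and adding "apachectl configtest" before "apachectl restart" so that a rule set that fails to parse does not take the server down.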
(-)files/pkg-message.in (-3 / +3 lines)
Lines 2-13 Link Here
2
{ type: install
2
{ type: install
3
  message: <<EOM
3
  message: <<EOM
4
You have installed ModSecurity.
4
You have installed ModSecurity.
5
To enable ModSecurity in Apache, follow the instructions in
5
To enable ModSecurity in Apache, follow the instructions in the first paragraph of
6
6
7
 %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%
7
  %%DOCSDIR%%/README
8
8
9
Most users will use the signatures from the OWASP Core Rule Set (CRS).
9
Most users will use the signatures from the OWASP Core Rule Set (CRS).
10
For configuration instructions, see %%DOCSDIR%%/README.
10
For configuration instructions, see the second paragraph of the same file.
11
EOM
11
EOM
12
}
12
}
13
]
13
]
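Review bot: The new message sends the user to "%%DOCSDIR%%/README", but the README lines shown in this patch still open with "To enable ModSecurity in Apache, follow the instructions in %%PREFIX%%/%%APACHEETCDIR%%/modules.d/%%APMOD_FILE%%", so enabling the module now takes two hops where the old message pointed at the file directly. The references "the first paragraph of" and "the second paragraph of the same file" are also fragile. The README has a "Getting the Core Rule Set" heading that could be named instead of a paragraph position.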
