Web Application modsecurity

As people know, web applications are among the most important things for any system and company to have. Nowadays, people are looking for ways to protect their web applications from being compromised by the bad guys.

One good option to look at when trying to protect a web application is ModSecurity. Today, I will show how to set up ModSecurity for your web application.

For this setup, I will use Kali Linux as the operating system to show you how to set up ModSecurity.

Let’s get started!

First, run a command such as apt-get install libapache2-modsecurity (the package is named libapache2-mod-security2 on current Debian-based releases), and you will get something like the picture below:

Modsecurity Installation

When ModSecurity has finished installing, you can view the configuration by running nano /etc/modsecurity/modsecurity.conf-recommended

(Note: the folder location depends on your operating system and where you installed it.)

Editing Rules

In the configuration file, you can play around with directives such as SecRuleEngine DetectionOnly. The rule engine is what lets ModSecurity stop common attacks such as SQL injection, cross-site scripting, local/remote file inclusion and more. Note that in DetectionOnly mode matching requests are only logged; the engine has to be set to SecRuleEngine On before they are actually blocked.
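The configuration steps above as a script, added here as an example and not part of the original post. The function names are made up for illustration, and the /etc/modsecurity default assumes the Debian/Kali package layout, where only files ending in .conf in that folder are loaded.

```shell
#!/bin/sh
# Added example (not from the original post). Paths assume the Debian/Kali
# package layout; pass another directory if your install differs.

# Print the effective SecRuleEngine mode (last uncommented directive wins).
get_rule_engine() {
    awk '$1 == "SecRuleEngine" { mode = $2 }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Set SecRuleEngine in config file $1 to mode $2 (On, Off or DetectionOnly).
set_rule_engine() {
    conf=$1 mode=$2
    case $mode in
        On|Off|DetectionOnly) ;;
        *) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak"    # keep a backup of the previous settings
    if grep -Eq '^[[:space:]]*SecRuleEngine[[:space:]]' "$conf"; then
        # Rewrite every active directive; commented-out lines are left alone.
        sed -E "s/^([[:space:]]*)SecRuleEngine[[:space:]]+.*/\1SecRuleEngine $mode/" \
            "$conf.bak" > "$conf"
    else
        printf 'SecRuleEngine %s\n' "$mode" >> "$conf"
    fi
}

# Activate the packaged defaults once, then switch the engine mode.
# $1 = mode, $2 = config directory (default /etc/modsecurity).
enable_modsecurity() {
    dir=${2:-/etc/modsecurity}
    [ -f "$dir/modsecurity.conf" ] ||
        cp "$dir/modsecurity.conf-recommended" "$dir/modsecurity.conf" || return 1
    set_rule_engine "$dir/modsecurity.conf" "$1" || return 1
    echo "SecRuleEngine is now: $(get_rule_engine "$dir/modsecurity.conf")"
}

# Typical use as root: start in DetectionOnly, check the logs for false
# positives, then run again with On:
#   enable_modsecurity DetectionOnly && apachectl configtest && service apache2 reload
```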

For further information on how to handle false positives with ModSecurity, you can read here

Source: OWASP ModSecurity Core Rule Set (CRS)