ModSecurity, also known as ModSec, is a free, open-source web application firewall (WAF). It is placed in front of the web application you want to protect.
ModSecurity alone is not enough to protect your server. You need to incorporate rules to maximize the WAF’s performance. One very famous, widely used, and respected rule set is the OWASP CRS rule set. We will use it in Modsecurity to enhance the web application server’s protection against emerging threats on the internet.
In today’s guide, I will show you how to install OWASP core rule set (CSR) 3.3.2 in ModSecurity. To be able to do that, we need a Linux server that has Nginx and ModSecurity pre-installed on it.
Pre-Requisites:
- Ubuntu 20.04 server
- sudo privileges
- Modsecurity deployed with Nginx on Ubuntu server
If you don’t have Nginx installed, you can use the following guide to fulfill the installation requirement:
https://linuxways.net/ubuntu/how-to-install-nginx-on-ubuntu-20-04-lts-using-source-code/
If you have Nginx installed on Ubuntu, but you have not deployed ModSecurity on it, use the following guide to install it:
https://linuxways.net/ubuntu/how-to-deploy-modsecurity-with-nginx-on-ubuntu-20-04-lts/
Once you are done with the pre-requisites, you can move on to the OWASP core rule set installation part. Let’s go!
Installation Guide
Following are the steps involved in installing OWASP core ruleset 3.3.2 for Modsecurity:
Step 1: Download Owasp CRS 3.3.2 archive
First of all, we will use the wget command to download the OWASP CRS 3.3.2 archive. Run the following command to do so:
wget https://github.com/coreruleset/coreruleset/archive/refs/tags/v3.3.2.zip
Step 2: Install the unzip package
Now, install the unzip package. We need it to unzip the zipped packages. Skip this step if you already have it installed on your system.
sudo dnf install unzip -y
Step 3: Unzip the master.zip archive
In this step, we will unzip the master.zip archive. To do that, run the following command:
sudo unzip v3.3.2.zip -d /etc/nginx/modsec
Step 4: Create a backup for CRS configuration file
OWASP core rule set comes with a sample configuration file. In this step, we will rename the file and create a backup of it in case it is needed in the future to restart again.
sudo cp /etc/nginx/modsec/coreruleset-3.3.2/crs-setup.conf.example /etc/nginx/modsec/coreruleset-3.3.2/crs-setup.conf
Step 5: Enable rules in ModSecurity
Now, in this step, we will enable the OWASP rules in ModSecurity. To do that, open the modsecurity configuration file in your favorite editor. We have used nano editor.
sudo nano /etc/nginx/modsec/modsec-config.conf
Once the file is open, add the following two lines in it to include the rules in ModSecurity:
Include /etc/nginx/modsec/coreruleset-3.3.2/crs-setup.conf
Include /etc/nginx/modsec/coreruleset-3.3.2/rules/*.conf
Now save the file and close it with (CTRL+O) and (CTRL+T).
Step 6: Check Nginx configuration
Before restarting Nginx, we need to check if the new configuration that we have added in the configuration file is fine. To check, run this command:
sudo nginx -t
You will get the following output which tells that the configuration is okay and we can move on to the next step.
Step 7: Reload Nginx
We have reached the final step in which we will restart Nginx to update the new changes that we did.
sudo systemctl restart nginx
Once Nginx is reloaded, the OWASP core rule set will become functional in Modsecurity.
In this guide, we saw in detail how to install OWASP core rule set for ModSecurity with the help of a few easy-to-follow commands. We also learned how to configure the rule set in ModSecurity to enable protection. The whole process will take around 5 to 10 minutes, depending on your system speed. Once the configuration is successful, your WAF will start protecting the web application server using OWASP core rule set.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.
Discover more from Ubuntu-Server.com
Subscribe to get the latest posts sent to your email.