DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
Travis Bot 2018-04-29 15:47:17 +00:00
parent 89c9353364
commit db71e32e5f
19 changed files with 359 additions and 266 deletions
Download patch file Download diff file Expand all files Collapse all files

8
user-guide/third-party-addons/modsecurity/index.html
View file

@ -1021,14 +1021,16 @@
<h1 id="modsecurity-web-application-firewall">ModSecurity Web Application Firewall<a class="headerlink" href="#modsecurity-web-application-firewall" title="Permanent link">&para;</a></h1>
<p>ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis - https://www.modsecurity.org</p>
<p>ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis - <a href="https://www.modsecurity.org">https://www.modsecurity.org</a></p>
<p>The <a href="https://github.com/SpiderLabs/ModSecurity-nginx">ModSecurity-nginx</a> connector is the connection point between NGINX and libmodsecurity (ModSecurity v3).</p>
<p>The default ModSecurity configuration file is located in <code class="codehilite">/etc/nginx/modsecurity/modsecurity.conf</code>. This is the only file located in this directory and contains the default recommended configuration. Using a volume we can replace this file with the desired configuration.
To enable the ModSecurity feature we need to specify <code class="codehilite">enable-modsecurity: &quot;true&quot;</code> in the configuration configmap.</p>
<p><strong>NOTE:</strong> the default configuration use detection only, because that minimises the chances of post-installation disruption.
<blockquote>
<p><strong>Note:</strong> the default configuration use detection only, because that minimises the chances of post-installation disruption.
The file <code class="codehilite">/var/log/modsec_audit.log</code> contains the log of ModSecurity.</p>
</blockquote>
<p>The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.
The directory <code class="codehilite">/etc/nginx/owasp-modsecurity-crs</code> contains the https://github.com/SpiderLabs/owasp-modsecurity-crs repository.
The directory <code class="codehilite">/etc/nginx/owasp-modsecurity-crs</code> contains the <a href="https://github.com/SpiderLabs/owasp-modsecurity-crs repository">https://github.com/SpiderLabs/owasp-modsecurity-crs repository</a>.
Using <code class="codehilite">enable-owasp-modsecurity-crs: &quot;true&quot;</code> we enable the use of the rules.</p>