Until now, there was no web application firewall on generation 6 servers, as we first had to lay some groundwork.
With this change, we will enable ModSecurity and load the OWASP core rule set. Please see the detailed changes below:
- update nginx to the latest stable version 1.14.2
- load ModSecurity base configuration
- load OWASP core rule set
- enable ModSecurity in `DetectionOnly` mode (= logging only)
- detected requests are logged into the ModSecurity audit log at `/var/log/nginx/modsecurity.log` (accessible via `devop` user)
Next steps:
- we will analyze all audit logs and take appropriate actions if required
- we might contact you over the next 2 weeks to discuss any changes required on our or your end
- we're going to activate blocking mode (switch engine from `DetectionOnly` to `on`) on Monday, January 28th
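
While the engine is still in detection mode, the audit log can be summarized per request path and rule ID to see which rules your application triggers before blocking starts. The script below is an added example, not part of the original announcement or the platform's tooling; it assumes the log is written in ModSecurity's native serial audit format, and the sample entries are constructed.

```python
import re
from collections import Counter

# Section boundary: "--<id>-A--" (ModSecurity 2.x) or "---<id>---A--" (3.x).
BOUNDARY = re.compile(r"^-{2,3}([A-Za-z0-9]+)-{1,3}([A-Z])--\s*$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')
RULE_MSG = re.compile(r'\[msg "([^"]*)"\]')
# Constructed sample entries (not taken from a real log).
SAMPLE = """\
---aB3dE9xZ---A--
[21/Jan/2019:10:15:02 +0100] 154806210212.000001 203.0.113.7 51234 192.0.2.10 443
---aB3dE9xZ---B--
POST /admin/save?id=7 HTTP/1.1
---aB3dE9xZ---H--
ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"]
ModSecurity: Warning. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"]
---aB3dE9xZ---Z--
---Qw7RtY2k---A--
[21/Jan/2019:10:16:40 +0100] 154806220012.000002 203.0.113.7 51240 192.0.2.10 443
---Qw7RtY2k---B--
POST /admin/save?id=8 HTTP/1.1
---Qw7RtY2k---H--
ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"]
---Qw7RtY2k---Z--
"""

def summarize(lines):
    """Count audit log hits per (request path, rule id, rule message)."""
    hits = Counter()
    section, path, first_line = None, "?", False
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = BOUNDARY.match(line)
        if m:
            section, first_line = m.group(2), True
            if section == "A":
                path = "?"  # new transaction: forget the previous request
            continue
        if section == "B" and first_line:
            parts = line.split(" ")  # request line: METHOD URI VERSION
            path = parts[1].split("?", 1)[0] if len(parts) > 1 else "?"
        elif section == "H" and (rid := RULE_ID.search(line)):
            msg = RULE_MSG.search(line)
            hits[(path, rid.group(1), msg.group(1) if msg else "")] += 1
        first_line = False
    return hits

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()).most_common())
```

To run it against the real log, pass `open("/var/log/nginx/modsecurity.log", errors="replace")` to `summarize()`; a path that keeps hitting the same rule with legitimate traffic is a candidate for a rule exclusion before the switch to blocking mode.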
Reference: #291