Ops One AG


Monday 14th January 2019

Managed Server Version 6: Website Service: Enable ModSecurity in DetectionOnly Mode

Until now, there was no web application firewall on generation 6 servers, as we first had to lay some groundwork. With this change, we will enable ModSecurity and load the OWASP core rule set. The detailed changes are listed below:

  • update nginx to the latest stable version 1.14.2
  • load ModSecurity base configuration
  • load OWASP core rule set
  • enable ModSecurity in DetectionOnly mode (= logging only)
  • detected requests are logged into the ModSecurity audit log at /var/log/nginx/modsecurity.log (accessible via devop user)

Next steps:

  • we will analyze all audit logs and take appropriate actions if required
  • we might contact you over the next 2 weeks to discuss any changes required on our or your end
  • we're going to activate blocking mode (switch engine from DetectionOnly to on) on Monday, January 28th
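
One way to review the DetectionOnly audit log before blocking mode is switched on, as an added example (not Ops One's own tooling): it tallies which rules fired and on which URIs. It assumes the log uses ModSecurity's native serial format, where part H of each transaction holds the rule messages; the sample entries are constructed and their message lines shortened.

```python
import re
from collections import Counter, defaultdict

# Constructed sample entries (assumed serial audit-log layout, messages shortened).
SAMPLE = """\
---a1b2c3d4---A--
[14/Jan/2019:10:15:32 +0100] 154745733212.000001 203.0.113.10 51234 198.51.100.5 443
---a1b2c3d4---B--
GET /shop/ HTTP/1.1
Host: 198.51.100.5
---a1b2c3d4---H--
ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/shop/"]
---a1b2c3d4---Z--
---e5f6a7b8---A--
[14/Jan/2019:10:16:02 +0100] 154745736212.000002 203.0.113.11 51300 198.51.100.5 443
---e5f6a7b8---H--
ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [uri "/"]
---e5f6a7b8---Z--
---c9d0e1f2---A--
[14/Jan/2019:10:17:45 +0100] 154745746512.000003 203.0.113.12 51411 198.51.100.5 443
---c9d0e1f2---H--
ModSecurity: Warning. [id "920320"] [msg "Missing User Agent Header"] [uri "/feed"]
---c9d0e1f2---Z--
"""

BOUNDARY = re.compile(r"^---(\w+)---([A-Z])--$")   # ---<transaction id>---<part>--
FIELD = re.compile(r'\[(id|msg|uri) "([^"]*)"\]')  # [key "value"] tags in part H

def summarize(log_text):
    """Return [(rule_id, msg, hits, uris)] for rule messages in part H, most frequent first."""
    hits, uris, section = Counter(), defaultdict(set), None
    for line in log_text.splitlines():
        boundary = BOUNDARY.match(line)
        if boundary:
            section = boundary.group(2)  # A, B, ... H, Z
            continue
        if section != "H" or not line.startswith("ModSecurity:"):
            continue  # ignore request data; only part H carries rule messages
        fields = dict(FIELD.findall(line))
        if "id" in fields:
            hits[(fields["id"], fields.get("msg", ""))] += 1
            uris[fields["id"]].add(fields.get("uri", "?"))
    return [(rid, msg, n, sorted(uris[rid])) for (rid, msg), n in hits.most_common()]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Rules that fire on legitimate traffic to your site are the ones worth raising before the switch to blocking mode.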

Reference: #291