[Owasp-modsecurity-core-rule-set] Running ModSecurity Rules on KEMP LoadMaster
doconnor at kemptechnologies.com
Tue Aug 4 16:51:10 UTC 2015
I work for KEMP Technologies and should be able to assist you in working with the KEMP LoadBalancer and the ModSecurity rules. You can import the OWASP ModSecurity rule set into the KEMP LoadMaster and then use them as normal. I can work with you offline to try understand what you are looking to do and then we can post the results to the forum for everyone, if that is okay?
From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf Of Matt VanCleve
Sent: 31 July 2015 23:39
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] Running ModSecurity Rules on KEMP LoadMaster
Hi there everyone,
We have been using the KEMP LoadMaster for SSL security and webserver load balancing. They recently added a Web Application Firewall feature with a few default rules but also had the option to run ModSecurity rules. Checking the web for information on implementing ModSecurity on KEMP, I have not found any information on tuning the standard ModSecurity rules on a KEMP LoadMaster.
Loading the default ModSecurity rules under Block mode and turning off the KEMP options of Process Request Data and Process Responses, I was able to get 12 rules enabled and only had issues with 3 (30_http_policy, 40_generic_attacks, 41_sl_injection). I've started reading the audit logs from our initial tests but still trying to interpret the logs against the rule.
I know that getting ModSecurity requires a fair amount of tuning to get working but wanted to know where a good place to start would be. Also, if anyone has been able to get ModSecurity working on KEMP please let me know.
I'm going to read through the manual this weekend and see if any of that sinks in - https://github.com/spiderLabs/modsecurity/wiki/reference-manual
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set