[Owasp-modsecurity-core-rule-set] Running ModSecurity Rules on KEMP LoadMaster

David O'Connor doconnor at kemptechnologies.com
Tue Aug 4 16:51:10 UTC 2015

Hi Matt,

I work for KEMP Technologies and should be able to assist you in working with the KEMP LoadBalancer and the ModSecurity rules. You can import the OWASP ModSecurity rule set into the KEMP LoadMaster and then use them as normal. I can work with you offline to try understand what you are looking to do and then we can post the results to the forum for everyone, if that is okay?

Kind Regards,

From: owasp-modsecurity-core-rule-set-bounces at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces at lists.owasp.org] On Behalf Of Matt VanCleve
Sent: 31 July 2015 23:39
To: owasp-modsecurity-core-rule-set at lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] Running ModSecurity Rules on KEMP LoadMaster

Hi there everyone,

We have been using the KEMP LoadMaster for SSL security and webserver load balancing. They recently added a Web Application Firewall feature with a few default rules but also had the option to run ModSecurity rules. Checking the web for information on implementing ModSecurity on KEMP, I have not found any information on tuning the standard ModSecurity rules on a KEMP LoadMaster.

Loading the default ModSecurity rules under Block mode and turning off the KEMP options of Process Request Data and Process Responses, I was able to get 12 rules enabled and only had issues with 3 (30_http_policy, 40_generic_attacks, 41_sl_injection). I've started reading the audit logs from our initial tests but still trying to interpret the logs against the rule.

I know that getting ModSecurity requires a fair amount of tuning to get working but wanted to know where a good place to start would be. Also, if anyone has been able to get ModSecurity working on KEMP please let me know.

I'm going to read through the manual this weekend and see if any of that sinks in - https://github.com/spiderLabs/modsecurity/wiki/reference-manual

Thanks, Matt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150804/4a8be6c1/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list