[Owasp-modsecurity-core-rule-set] Running ModSecurity Rules on KEMP LoadMaster

Matt VanCleve matt.v at mymediabox.com
Fri Jul 31 22:38:48 UTC 2015


Hi there everyone,

We have been using the KEMP LoadMaster for SSL security and webserver load
balancing. They recently added a Web Application Firewall feature with a
few default rules but also had the option to run ModSecurity rules.
Checking the web for information on implementing ModSecurity on KEMP, I
have not found any information on tuning the standard ModSecurity rules on
a KEMP LoadMaster.

Loading the default ModSecurity rules under Block mode and turning off the
KEMP options of Process Request Data and Process Responses, I was able to
get 12 rules enabled and only had issues with 3 (30_http_policy,
40_generic_attacks, 41_sl_injection). I've started reading the audit logs
from our initial tests but still trying to interpret the logs against the
rule.

I know that getting ModSecurity requires a fair amount of tuning to get
working but wanted to know where a good place to start would be. Also, if
anyone has been able to get ModSecurity working on KEMP please let me know.

I'm going to read through the manual this weekend and see if any of that
sinks in - https://github.com/spiderLabs/modsecurity/wiki/reference-manual

Thanks, Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20150731/ea6b44dc/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list