Opensource WAF for Apache Traffic Server.

## Installation

- Copy ats-luajit-modsecurity.lua to /usr/local/var/lua
- Copy example.conf to /usr/local/var/modsecurity, readable by the ATS process
- Edit /usr/local/etc/trafficserver/plugin.config to add the following line and restart ats:

```
tslua.so --enable-reload /usr/local/var/lua/ats-luajit-modsecurity.lua /usr/local/var/modsecurity/example.conf
```

## Testing

- Requests with query parameter testparam=test2 are blocked with a 403 status response
- Requests with query parameter testparam=test1 are answered with a 301 redirect response to https://www.yahoo.com/test
- Requests with cookie test equal to 1 are blocked with a 403 status response
- Requests with cookie test equal to 2 are answered with a 301 redirect response to https://www.yahoo.com/
- Information about each request is written to /tmp/debug.log
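The following rule set is an added illustration of how the behaviour listed above can be expressed in libmodsecurity v3 directive syntax; it is not the repository's own example.conf, and the rule ids (1001-1004) are arbitrary choices for this example.

```apache
# Added example rule set (not the project's example.conf). Assumes the
# ATS plugin applies the disruptive action libmodsecurity reports for
# each request: deny -> status, redirect -> Location + status.
SecRuleEngine On

# Write details of every transaction to the debug log used in Testing.
SecDebugLog /tmp/debug.log
SecDebugLogLevel 9

# ?testparam=test2 -> blocked with 403
SecRule ARGS_GET:testparam "@streq test2" \
    "id:1001,phase:1,deny,status:403,log,msg:'testparam=test2 blocked'"

# ?testparam=test1 -> 301 redirect to https://www.yahoo.com/test
SecRule ARGS_GET:testparam "@streq test1" \
    "id:1002,phase:1,redirect:'https://www.yahoo.com/test',status:301,log"

# Cookie test=1 -> blocked with 403
SecRule REQUEST_COOKIES:test "@streq 1" \
    "id:1003,phase:1,deny,status:403,log,msg:'cookie test=1 blocked'"

# Cookie test=2 -> 301 redirect to https://www.yahoo.com/
SecRule REQUEST_COOKIES:test "@streq 2" \
    "id:1004,phase:1,redirect:'https://www.yahoo.com/',status:301,log"
```

All four rules run in phase 1 (request headers), so they work without the request body examination this plugin does not provide.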
## Working with the OWASP Core Rule Set

- Copy crs-setup.conf.example to /usr/local/var/modsecurity and rename it to crs-setup.conf
- Copy the rules directory to /usr/local/var/modsecurity/rules
- Copy owasp.conf in this repository to /usr/local/var/modsecurity
- Edit /usr/local/etc/trafficserver/plugin.config to add the following line and restart ats:

```
tslua.so --enable-reload /usr/local/var/lua/ats-luajit-modsecurity.lua /usr/local/var/modsecurity/owasp.conf
```

- Test with `curl -v -H "User-Agent: Nikto" 'http://<your server>/'`; the CRS should block the Nikto scanner user agent
- To get debug logs, add the following to owasp.conf:

```
SecDebugLog /tmp/debug.log
SecDebugLogLevel 9
```

## Notes

- Some rules in the rules directory require GeoIP and have to be commented out if you did not build the modsecurity library with it.
- We use SecRuleRemoveById inside owasp.conf to remove the rules that check the request and response body. The same trick can be used to remove other rules that do not apply well in some situations.

## Limitations

- No REQUEST_BODY examination (we would need to buffer the request body for examination before sending it to origin).
- No RESPONSE_BODY examination (we would need to uncompress the contents first if they are gzipped, which is an expensive operation for a proxy).