0. NOTES

• this tutorial requires a basic understanding of the Linux Terminal and a text editor such as Nano or Vi
• this tutorial assumes Ubuntu on AWS. Installation elsewhere will likely be very similar.

1. SSL

2. INSTALL WAF / ENABLE MOD_SECURITY

• Based mainly on this: https://blog.rapid7.com/2017/04/09/how-to-configure-modsecurity-with-apache-on-ubuntu-linux/
• Install WAF
  • sudo apt-get install libapache2-modsecurity
  • Might have to run: sudo dpkg --configure -a
• Check Installation
  • apachectl -M | grep security
• Rename rules
  • mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
• Turn rules on
  • sudo vi /etc/modsecurity/modsecurity.conf
  • make sure it reads SecRuleEngine on
• Remove default rules
  • sudo rm -rf /usr/share/modsecurity-crs
• Download github rules
  • sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
• Rename setup file
  • cd /usr/share/modsecurity-crs
  • sudo mv crs-setup.conf.example crs-setup.conf
• Add all new rules
  • sudo vi /etc/apache2/mods-enabled/security2.conf
  • place the following block in the document

<IfModule security2_module>
    SecDataDir /var/cache/modsecurity 
    IncludeOptional /etc/modsecurity/*.conf 
    IncludeOptional "/usr/share/modsecurity-crs/*.conf 
    IncludeOptional "/usr/share/modsecurity-crs/rules/*.conf 
</IfModule>

• Restart apache
  • systemctl restart apache2
• Raise paranoia level to 2 out of 5
  • sudo vi /usr/share/modsecurity-crs/crs-setup.conf
  • Edit this line to be 2 instead of 1:
    • setvar:tx.paranoia_level=2
• Test WAF
  • http://<your IP or domain name>/?q="><script>alert(1)</script>
  • http://<your IP or domain name>/?q='1 OR 1=1
  • You should get a 403 error

3 Enable Mod_Evasive