Hi there everyone, We have been using the KEMP LoadMaster for SSL security and webserver load balancing. They recently added a Web Application Firewall feature with a few default rules but also had the option to run ModSecurity rules. Checking the web for information on implementing ModSecurity on KEMP, I have not found any information on tuning the standard ModSecurity rules on a KEMP LoadMaster.
Loading the default ModSecurity rules under Block mode and turning off the KEMP options of Process Request Data and Process Responses, I was able to get 12 rules enabled and only had issues with 3 (30_http_policy, 40_generic_attacks, 41_sl_injection). I've started reading the audit logs from our initial tests but still trying to interpret the logs against the rule. I know that getting ModSecurity requires a fair amount of tuning to get working but wanted to know where a good place to start would be. Also, if anyone has been able to get ModSecurity working on KEMP please let me know. I'm going to read through the manual this weekend and see if any of that sinks in - https://github.com/spiderLabs/modsecurity/wiki/reference-manual Thanks, Matt
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
