Hi Matt, I work for KEMP Technologies and should be able to assist you in working with the KEMP LoadBalancer and the ModSecurity rules. You can import the OWASP ModSecurity rule set into the KEMP LoadMaster and then use them as normal. I can work with you offline to try understand what you are looking to do and then we can post the results to the forum for everyone, if that is okay?
Kind Regards, dave From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of Matt VanCleve Sent: 31 July 2015 23:39 To: owasp-modsecurity-core-rule-set@lists.owasp.org Subject: [Owasp-modsecurity-core-rule-set] Running ModSecurity Rules on KEMP LoadMaster Hi there everyone, We have been using the KEMP LoadMaster for SSL security and webserver load balancing. They recently added a Web Application Firewall feature with a few default rules but also had the option to run ModSecurity rules. Checking the web for information on implementing ModSecurity on KEMP, I have not found any information on tuning the standard ModSecurity rules on a KEMP LoadMaster. Loading the default ModSecurity rules under Block mode and turning off the KEMP options of Process Request Data and Process Responses, I was able to get 12 rules enabled and only had issues with 3 (30_http_policy, 40_generic_attacks, 41_sl_injection). I've started reading the audit logs from our initial tests but still trying to interpret the logs against the rule. I know that getting ModSecurity requires a fair amount of tuning to get working but wanted to know where a good place to start would be. Also, if anyone has been able to get ModSecurity working on KEMP please let me know. I'm going to read through the manual this weekend and see if any of that sinks in - https://github.com/spiderLabs/modsecurity/wiki/reference-manual Thanks, Matt
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
