Revision as of 02:12, 3 June 2010
I'm going to document mod_security setup.
- yum install mod_security
- mkdir /var/lib/httpd/mod_security
- add SecDataDir /var/lib/httpd/mod_security to /etc/httpd/modsecurity.d/modsecurity_localrules.conf
In my test this removed all messages from the error log in Apache. I would recommend that we add the following configuration directives to modsecurity_localrules.conf to put the logging in its own files:
SecAuditLog logs/modsec_audit.log
Ok, so I got my proxy fully set up so I can now post through my proxy. I've updated the mod_security configuration to be:
<pre>
# Drop your local rules in here.
SecDataDir /var/lib/httpd/mod_security
SecAuditEngine RelevantOnly
SecAuditLog logs/modsec_audit.log
SecAuditLogParts ABCFHZ
SecAuditLogStorageDir /var/lib/httpd/modsec_logs
SecAuditLogType Concurrent
SecDebugLog /var/lib/httpd/modsec_logs/modsec_debug.log
SecDebugLogLevel 0
</pre>
Testing
To test mod_security, I believe we should set it up in the staging environment. I think it should be deployed with individual audit logs because that provides the best performance at the cost of increased file I/O. It should be deployed in staging while we tweak the configuration rules to eliminate most false positives.
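For the false-positive tuning in staging, the following added example (not part of the original page) parses audit entries written with SecAuditLogParts ABCFHZ and counts which rule id fired on which request line. The sample entry, its rule id 900001 and its addresses are constructed; the function names are made up for this sketch.

```python
import re
from collections import Counter

# Boundary line of a ModSecurity 2.x audit entry: --<boundary id>-<part letter>--
BOUNDARY = re.compile(r"^--([0-9A-Za-z]+)-([A-Z])--$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')

def parse_entries(text):
    """Split audit log text into {boundary_id: {part_letter: [lines]}}."""
    entries, bid, part = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line.strip())
        if m:
            bid, part = m.group(1), m.group(2)
            entries.setdefault(bid, {}).setdefault(part, [])
        elif bid is not None and line.strip():
            entries[bid][part].append(line)
    return entries

def rule_hits(entries):
    """Count (rule id, request line) pairs using part H messages and part B."""
    hits = Counter()
    for parts in entries.values():
        if "Z" not in parts:  # entry cut off before its final boundary: skip it
            continue
        request = (parts.get("B") or ["<no request line>"])[0]
        for line in parts.get("H", []):
            if line.startswith("Message:"):
                for rid in RULE_ID.findall(line):
                    hits[(rid, request)] += 1
    return hits

# Constructed sample entry with parts A, B, C, F, H, Z (all values made up).
ENTRY = """\
--aaaa1111-A--
[03/Jun/2010:02:12:00 +0000] ConstructedTxId 192.0.2.10 40000 192.0.2.1 80
--aaaa1111-B--
POST /wiki/index.php HTTP/1.1
--aaaa1111-C--
title=Test&body=select+a+from+b
--aaaa1111-F--
HTTP/1.1 403 Forbidden
--aaaa1111-H--
Message: Access denied with code 403 (phase 2). [id "900001"] [msg "constructed"]
--aaaa1111-Z--
"""
# Two complete entries plus a third that is cut off before its Z boundary.
SAMPLE = (ENTRY + ENTRY.replace("aaaa1111", "bbbb2222")
          + ENTRY.replace("aaaa1111", "cccc3333").split("--cccc3333-Z--")[0])

if __name__ == "__main__":
    for (rid, request), n in rule_hits(parse_entries(SAMPLE)).most_common():
        print(n, rid, request)
```

With SecAuditLogType Concurrent each transaction is written to its own file under SecAuditLogStorageDir, so read each file and pass its text to parse_entries.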