For rapid WAF implementation, Cloud4U customers can access the WAF-modsecurity template in Public Catalogs.
The template, based on Ubuntu 16.04 LTS, includes:
- Nginx/1.13.12
- ModSecurity for Nginx/3.0.0
- OWASP ModSecurity Core Rule Set Version 3.0.0
- Nginx Length Hiding Filter Module
- Nginx Headers More Module
- OpenSSL 1.0.2g
- Fail2Ban
- A feedback form for reporting WAF false positives
Initial Setup Instructions
- Copy your existing SSL certificates to /opt/ssl, renaming them as ssl_certificate.crt and ssl_certificate.key (the WAF template assumes the protected site uses HTTPS).
- Enter the following data into the file /opt/config/userparams:
- Run the script /opt/config/set_userparams.sh, which will apply the specified parameters to the Nginx configuration and the feedback form.
After completing these steps, the WAF will be ready for operation.
Testing the WAF
To verify functionality, access the site by appending ?testparam=test to the URL.
Example: https://[Your_IP]/?testparam=test
If configured correctly, the feedback form will appear, prompting the user to submit a false positive report.
Clicking the Unblock button will send an email (to the previously specified address) containing technical logs, diagnostic data, and the administrator notification message.
- The feedback form code and assets are located in /opt/403/. The form is written in PHP and can be modified to match the site’s design or adjust behavior as needed.
- Configuration files in /opt/config/:
  - custom_rules.conf – Add custom ModSecurity rules here.
  - disabled_rules.conf – List rule IDs to be disabled.
- To apply changes, run systemctl reload nginx
All core Nginx and ModSecurity configuration files are stored in /etc/nginx/ for fine-tuning the WAF.
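As an added illustration (not shipped with the template and not part of the original instructions), this is what /opt/config/custom_rules.conf could contain: one exclusion scoped to a reported false positive and one custom blocking rule. The paths /shop/feedback and /admin, the comment parameter, the 192.0.2.0/24 network, the choice of CRS rule 942100 as the reported rule, and the rule IDs 10001 and 10002 are all assumptions made for the example.

```apache
# /opt/config/custom_rules.conf (constructed example, not the template's own file)
# IDs 10001-10002 come from the 1-99999 range reserved for local rules.

# 1) Scoped false-positive fix.
#    Assumed report: CRS rule 942100 (SQL injection via libinjection) fires on
#    the free-text "comment" field submitted to /shop/feedback.
#    Instead of switching 942100 off for the whole site, stop it from
#    inspecting that one argument on that one path. The rule runs in phase 1,
#    so the exclusion is set before the CRS inspects arguments in phase 2.
SecRule REQUEST_URI "@beginsWith /shop/feedback" \
    "id:10001,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=942100;ARGS:comment"

# 2) Custom blocking rule.
#    Deny requests for /admin unless the client address is inside the
#    management network (192.0.2.0/24 is a documentation range; replace it).
#    "chain" makes the rule match only when both conditions are true.
SecRule REQUEST_URI "@beginsWith /admin" \
    "id:10002,\
    phase:1,\
    deny,\
    status:403,\
    log,\
    msg:'Admin path requested from outside the management network',\
    chain"
    SecRule REMOTE_ADDR "!@ipMatch 192.0.2.0/24"
```

Running nginx -t before systemctl reload nginx catches a syntax error in the rules file before the reload is attempted.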
ModSecurity FAQ
For additional guidance, refer to:
https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-Frequently-Asked-Questions-(FAQ)