• Nice tutorial! Thanks for walking me through this! Just a few observations:

    I encourage apachectl configtest instead of or at least prior to restarting Apache. Just good practice if you're working on a live site.

    The curl -i ... -A command doesn't seem to trigger ModSecurity. Not sure if that was a change in the rules or if I did something wrong.

    Don't forget to make the test script executable with chmod 744 or you'll get: -bash: /usr/share/doc/mod_evasive-1.10.1/test.pl: Permission denied

  • Thanks for the tutorial. The link to the rules is a 404, and the latest rules don't work as the mod_security rpm is an older version than 2.9.1. It would be great if you upgraded your tutorial to sort out these issues.

  • Hi Hitesh,

    I am trying this URL to install the mod security module, "git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git", but I am getting an error:

    "fail to create operator: detect XSS"

    I am running a VM with CentOS 7 and Apache 2.4.7. Can you please suggest where I am going wrong, or whether this is a mod security bug?

  • I have tried to run "git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git" and it ran successfully. I don't see any error.

  • I am getting the error below:

    "AH00526: Syntax error on line 64 of ../crs/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf: Error creating rule: Failed to resolve operator: detectXSS"

  • And I have installed mod security version 2.9.1. Below is the error log:

    ModSecurity: StatusEngine call: "2.9.1,Apache/2.4.6 (CentOS) Ope,1.4.8/1.4.8,8.32/8.32 2012-11-30,(null),2.9.1,0f4af4f43a5d3271426bb108d7146c1ffa4ff783"

    ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/

  • Thank you for the tutorial. Do you have a tutorial on mod security notifications to Telegram? May I ask for the website ... because I want to learn it.

  • Tutorial for CentOS
