Skip to main content

ModSecurity

ModSecurity is an open source web application firewall that can be integrated with a wide range of web servers.

Seer Box generates and exposes a file of application rules compatible with that firewall, using the SecRules language for their definition.

Tipologia

Feed - Seer Box exposes the rule file via HTTP, does not allow control of the target firewall.

URL

http://$SEERBOX_IP:53380/feeds/modsecurity_$FIREWALL_NAME

Variables to be replaced

  • $SEERBOX_IP : the Seer Box IP address
  • $FIREWALL_NAME : the name configured for the specific firewall

Seer Box side configuration

To set ModSecurity as the type, simply select the value ModSecurity Feed in the Firewall type field in step 3 of Add a firewall.

No additional fields will be required.

Firewall side configuration

ModSecurity does not expose an interface to manage its rules and their loading. Nor does it offer the possibility of dynamically importing a rule file exposed via HTTP.

As it is directly integrated into the web servers, it is strictly dependent on them: the rule files must be imported into their configurations, and updating them requires restarting the servers themselves (or reloading the configuration).