Skip to main content

ModSecurity

ModSecurity is an open source web application firewall that can be integrated with a wide range of web servers.

Seer Box generates and exposes a file of application rules compatible with that firewall, using the SecRules language for their definition.

Tipologia

Feed - Seer Box exposes the rule file via HTTP, does not allow control of the target firewall.

URL

http://{Seer-Box-IP}:53380/feeds/modsecurity

Seer Box side configuration

To set ModSecurity as the type, simply select the value ModSecurity Feed in the Firewall type field in step 3 of Add a firewall.

No additional fields will be required.

Firewall side configuration

ModSecurity does not expose an interface to manage its rules and their loading. Nor does it offer the possibility of dynamically importing a rule file exposed via HTTP.

As it is directly integrated into the web servers, it is strictly dependent on them: the rule files must be imported into their configurations, and updating them requires restarting the servers themselves (or reloading the configuration).