ModSecurity
ModSecurity is an open source web application firewall that can be integrated with a wide range of web servers.
Seer Box generates and exposes a file of application rules compatible with that firewall, using the SecRules
language for their definition.
Tipologia
Feed
- Seer Box exposes the rule file via HTTP, does not allow control of the target firewall.
URL
http://{Seer-Box-IP}:53380/feeds/modsecurity
Seer Box side configuration
To set ModSecurity
as the type, simply select the value ModSecurity Feed
in the Firewall type field in step 3 of Add a firewall.
No additional fields will be required.
Firewall side configuration
ModSecurity does not expose an interface to manage its rules and their loading. Nor does it offer the possibility of dynamically importing a rule file exposed via HTTP.
As it is directly integrated into the web servers, it is strictly dependent on them: the rule files must be imported into their configurations, and updating them requires restarting the servers themselves (or reloading the configuration).