# DD - Apache2 ModSecurity + HAProxy

Installation of Apache2 ModSecurity and HAProxy.

* In Apache2 with ModSecurity V3 enabled are included the OWASP rules.
* HAProxy service acts as application frontend and administers and negotiates the SSL domain certificate using Letsencrypt.
* Modsecurity is disabled by default when installing DD.
* The installation can be done with or without WAF part.
* If you have installed WAF you can set in bypass mode or enabled mode.

## Apache - ModSecurity

You can find the service definition in `dd-sso/docker/waf-modsecurity`.

There are different files to set up this service:

* `000-default.conf` contains Apache2 web service settings.
* `crs-setup.conf` is where is configured the OWASP ModSecurity Core Rule Set ver.3.2.0 .
* `modsec_rules.conf` contains the needed files for owasp service of Apache2.
* `rules_apps.conf` is where are configured the false positives, of different applications, that needs to be detected until the moment.

### Enable/Disable

DD can be used with  WAF enabled or disabled, this is set in variable `DISABLE_WAF` in `dd.conf` file.

The default value is `true` (WAF disabled), this will change in the future.

```
# Sample of dd.conf

# Enable WAF
DISABLE_WAF=false

# Disable WAF
DISABLE_WAF=true
```

### Configuration

Changes in `dd.conf` are not immediate, you need to deploy again the DD containers using `dd-ctl`:

```sh
./dd-ctl down
./dd-ctl build
./dd-ctl up
```