1.4 KiB
1.4 KiB
DD - Apache2 ModSecurity + HAProxy
Installation of Apache2 ModSecurity and HAProxy.
- In Apache2 with ModSecurity V3 enabled are included the OWASP rules.
- HAProxy service acts as application frontend and administers and negotiates the SSL domain certificate using Letsencrypt.
- Modsecurity is disabled by default when installing DD.
- The installation can be done with or without WAF part.
- If you have installed WAF you can set in bypass mode or enabled mode.
Apache - ModSecurity
You can find the service definition in dd-sso/docker/waf-modsecurity
.
There are different files to set up this service:
000-default.conf
contains Apache2 web service settings.crs-setup.conf
is where is configured the OWASP ModSecurity Core Rule Set ver.3.2.0 .modsec_rules.conf
contains the needed files for owasp service of Apache2.rules_apps.conf
is where are configured the false positives, of different applications, that needs to be detected until the moment.
Enable/Disable
DD can be used with WAF enabled or disabled, this is set in variable DISABLE_WAF
in dd.conf
file.
The default value is true
(WAF disabled), this will change in the future.
# Sample of dd.conf
# Enable WAF
DISABLE_WAF=false
# Disable WAF
DISABLE_WAF=true
Configuration
Changes in dd.conf
are not immediate, you need to deploy again the DD containers using dd-ctl
:
./dd-ctl down
./dd-ctl build
./dd-ctl up