47 lines
1.4 KiB
Markdown
47 lines
1.4 KiB
Markdown
# DD - Apache2 ModSecurity + HAProxy
|
|
|
|
Installation of Apache2 ModSecurity and HAProxy.
|
|
|
|
* In Apache2 with ModSecurity V3 enabled are included the OWASP rules.
|
|
* HAProxy service acts as application frontend and administers and negotiates the SSL domain certificate using Letsencrypt.
|
|
* Modsecurity is disabled by default when installing DD.
|
|
* The installation can be done with or without WAF part.
|
|
* If you have installed WAF you can set in bypass mode or enabled mode.
|
|
|
|
## Apache - ModSecurity
|
|
|
|
You can find the service definition in `dd-sso/docker/waf-modsecurity`.
|
|
|
|
There are different files to set up this service:
|
|
|
|
* `000-default.conf` contains Apache2 web service settings.
|
|
* `crs-setup.conf` is where is configured the OWASP ModSecurity Core Rule Set ver.3.2.0 .
|
|
* `modsec_rules.conf` contains the needed files for owasp service of Apache2.
|
|
* `rules_apps.conf` is where are configured the false positives, of different applications, that needs to be detected until the moment.
|
|
|
|
### Enable/Disable
|
|
|
|
DD can be used with WAF enabled or disabled, this is set in variable `DISABLE_WAF` in `dd.conf` file.
|
|
|
|
The default value is `true` (WAF disabled), this will change in the future.
|
|
|
|
```
|
|
# Sample of dd.conf
|
|
|
|
# Enable WAF
|
|
DISABLE_WAF=false
|
|
|
|
# Disable WAF
|
|
DISABLE_WAF=true
|
|
```
|
|
|
|
### Configuration
|
|
|
|
Changes in `dd.conf` are not immediate, you need to deploy again the DD containers using `dd-ctl`:
|
|
|
|
```sh
|
|
./dd-ctl down
|
|
./dd-ctl build
|
|
./dd-ctl up
|
|
```
|