Content
Mod security
We recommend to use the apache module mod_security.
A good installation guide for Ubuntu 12.04 LTS can be found here
Note: The master branch of the OWASP Core Rule Set from https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master cannot be installed at the time of writing 2013-11-11.
Version 2.2.5 from https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v2.2.5.tar.gz worked without problems. However, you should try newer versions, if possible.
The following rules are tested:
- modsecurity_crs_20_protocol_violations.conf to protect against NULL-Bytes in user inputs (#1750)