Open-source WAF for Webserver VPS

on Tue Nov 26 | Updated on Tue Nov 26

Open-source WAF – ModSecurity

I recommend ModSecurity as an open-source Web Application Firewall (WAF) for your VPS. It’s highly customizable and works with the Apache, NGINX, and IIS web servers. Here’s how to set it up:

1. Install ModSecurity

For Ubuntu-based systems running Apache, run the following commands:

sudo apt update
sudo apt install libapache2-mod-security2

2. Enable ModSecurity

For Apache:

sudo a2enmod security2
sudo systemctl restart apache2

For NGINX, you’ll need libmodsecurity and the NGINX connector module. Package names vary by release; on recent Debian and Ubuntu releases they are:

sudo apt install libmodsecurity3 libnginx-mod-http-modsecurity
sudo systemctl restart nginx

3. Load OWASP CRS (Core Rule Set)

For better protection, use the OWASP Core Rule Set:

sudo apt install modsecurity-crs

Then, enable the rules:

sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo ln -s /usr/share/modsecurity-crs/rules /etc/modsecurity/

4. Test and Tune

Test your server to ensure it doesn’t block legitimate traffic. You can adjust the rules in /etc/modsecurity/ as needed to fit your setup.
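
An added example for step 4, not part of the original post: a shell script that reports the effective SecRuleEngine mode (ModSecurity's recommended configuration starts in DetectionOnly, which logs matches but never blocks) and tallies which rule IDs fire on which URIs, so that tuning can target the noisy rules. The function names, the sample config and the log lines are constructed for illustration, and the log layout assumed is the ModSecurity v2 entry that Apache writes to its error log.

```shell
#!/bin/sh
# Added example, not from the original post. Sample config and log are constructed.

# Effective SecRuleEngine value: the last uncommented directive in the file wins.
engine_mode() {
    awk '$1 == "SecRuleEngine" { m = $2 } END { print (m == "" ? "unset" : m) }' "$1"
}

# Print "count rule_id uri" per ModSecurity log entry, most frequent first.
rule_hits() {
    sed -n '/ModSecurity:/s/.*\[id "\([0-9]*\)"\].*\[uri "\([^"]*\)"\].*/\1 \2/p' "$1" |
        sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

sample_conf() {   # constructed: a config left in detection-only mode
    cat <<'EOF'
# SecRuleEngine On
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
EOF
}

sample_log() {    # constructed Apache error-log lines (ModSecurity v2 layout, shortened)
    cat <<'EOF'
[Tue Nov 26 10:00:01 2024] [security2:error] [client 192.0.2.10] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/admin/post.php"]
[Tue Nov 26 10:00:09 2024] [security2:error] [client 192.0.2.10] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/admin/post.php"]
[Tue Nov 26 10:01:30 2024] [security2:error] [client 192.0.2.44] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/admin/post.php"]
[Tue Nov 26 10:02:00 2024] [security2:error] [client 192.0.2.77] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.1"] [uri "/"]
[Tue Nov 26 10:02:05 2024] [security2:error] [client 192.0.2.78] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.1"] [uri "/"]
[Tue Nov 26 10:03:00 2024] [security2:error] [client 192.0.2.10] ModSecurity: Warning. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/admin/post.php"]
[Tue Nov 26 10:05:00 2024] [mpm_event:notice] AH00489: Apache/2.4 configured -- resuming normal operations
EOF
}

tmp=$(mktemp -d)
sample_conf > "$tmp/modsecurity.conf"
sample_log > "$tmp/error.log"
echo "SecRuleEngine: $(engine_mode "$tmp/modsecurity.conf")"
rule_hits "$tmp/error.log"
rm -rf "$tmp"
```

On a real host, point engine_mode at /etc/modsecurity/modsecurity.conf and rule_hits at the Apache error log (/var/log/apache2/error.log by default on Ubuntu).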