Open-source WAF – ModSecurity
For an open-source Web Application Firewall (WAF) on your VPS, I recommend ModSecurity. It’s highly customizable and works well with Apache, NGINX, and IIS web servers. Here’s how to set it up:
1. Install ModSecurity
For Ubuntu-based systems, run the following commands:
sudo apt update
sudo apt install libapache2-mod-security2
2. Enable ModSecurity
For Apache:
sudo a2enmod security2
sudo systemctl restart apache2
For NGINX, you’ll need the libmodsecurity library and the connector module:
sudo apt install libmodsecurity3 libnginx-mod-http-modsecurity
sudo systemctl restart nginx
3. Load OWASP CRS (Core Rule Set)
For better protection, use the OWASP Core Rule Set:
sudo apt install modsecurity-crs
Then, enable the rules:
sudo cp /usr/share/modsecurity-crs/crs-setup.conf.example /etc/modsecurity/crs-setup.conf
sudo ln -s /usr/share/modsecurity-crs/rules /etc/modsecurity/
4. Test and Tune
Test your server to ensure it doesn’t block legitimate traffic. You can adjust the rules in /etc/modsecurity/ as needed to fit your setup.
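One way to approach the tuning in step 4, as an added example that is not part of the original post: a shell function that tallies which CRS rule IDs fired on which URIs, so rules that repeatedly hit legitimate pages stand out. The function name and the sample log lines are constructed for illustration, and it assumes the ModSecurity v2 message format that Apache writes to its error log (/var/log/apache2/error.log by default on Ubuntu).

```shell
#!/bin/sh
# Added example (not from the original post): tally which CRS rules fired on
# which URIs, so false positives on legitimate traffic stand out before tuning.

# Constructed sample lines in the ModSecurity v2 / Apache error-log format.
sample_log() {
cat <<'EOF'
[security2:error] [client 198.51.100.7] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/search"]
[security2:error] [client 198.51.100.7] ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [hostname "example.test"] [uri "/search"]
[security2:error] [client 198.51.100.8] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/search"]
[security2:error] [client 198.51.100.9] ModSecurity: Warning. [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [hostname "example.test"] [uri "/search"]
[security2:error] [client 203.0.113.20] ModSecurity: Warning. [id "941100"] [msg "XSS Attack Detected via libinjection"] [hostname "example.test"] [uri "/comment"]
[security2:error] [client 203.0.113.21] ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [hostname "192.0.2.10"] [uri "/"]
[core:notice] [pid 811] AH00094: Command line: '/usr/sbin/apache2'
EOF
}

# Usage: modsec_rule_hits [min_count] < logfile
# Prints "count rule_id uri", most frequent first.
modsec_rule_hits() {
  min="${1:-1}"
  grep 'ModSecurity:' |
    # keep only the rule id and the request URI of each message
    sed -n 's/.*\[id "\([0-9][0-9]*\)"].*\[uri "\([^"]*\)"].*/\1 \2/p' |
    # 949110 / 980130 only report the anomaly total, not the rule that matched
    grep -v -E '^(949110|980130) ' |
    sort | uniq -c |
    awk -v min="$min" '$1 >= min { print $1, $2, $3 }' |
    sort -k1,1nr -k2,2n
}

# Demo on the constructed sample; on a server, feed the real log instead:
#   modsec_rule_hits 5 < /var/log/apache2/error.log
sample_log | modsec_rule_hits
```

A rule that shows a high count on a URI you know to be legitimate is a candidate for a narrowly scoped exclusion for that URI, rather than for turning the rule off everywhere.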