WAS THIS PAGE HELPFUL? {html}<a href="mailto:training@gwos.com?subject=How to enable mod security">Leave Feedback</a>{html}\\
\\
h5. Overview
Starting in version 7.1.1, {{mod_security}} is available with a comprehensive set of rules to log or protect against web based attacks. {{mod_security}} is an apache module that acts as a filter for http traffic and blocks traffic that match a set of rules that describe attack vectors exploited by malicious actors. GroundWork has added the ability to enable this feature in the product with a few easy steps.
h5. Steps
h6. Enable Mod Security
Because some of the traffic in GroundWork is of an administrative nature, {{mod_security}} is set to detection only mode when enabled. Detection only mode will only log traffic that matches rule violations. These violations could be evidence of an attack and should be sent to a log analysis tool for regular auditing and alerting. The rule violations are logged in the apache error log at {{/usr/local/groundwork/apache2/logs/error_log}}. To enable blocking, see section the below _Enable Application Protection_.
# To enable {{mod_security}}, modify {{/usr/local/groundwork/apache2/conf/extra/httpd-ssl.conf}}.
# Uncomment the following line:
{noformat}
Include httpd-security.conf
{noformat}
# Restart apache:
{noformat}
/etc/init.d/groundwork restart apache
{noformat}
h6. Enable Application Protection
Some environments have more strict requirements and need to have protection enabled. There is a risk that some features of the product or custom code will not work if protection mode is enabled. If you run into any problems you can open a support ticket and GroundWork Support will assist you.
# To set {{mod_security}} in Protection Mode, modify {{/usr/local/groundwork/apache2/conf/extra/httpd-security.conf}}.
# Comment out following line:
{noformat}#SecRule Engine DetectionOnly{noformat}
# Restart apache:
{noformat}
/etc/init.d/groundwork restart apache
{noformat}
\\
h5. Overview
Starting in version 7.1.1, {{mod_security}} is available with a comprehensive set of rules to log or protect against web based attacks. {{mod_security}} is an apache module that acts as a filter for http traffic and blocks traffic that match a set of rules that describe attack vectors exploited by malicious actors. GroundWork has added the ability to enable this feature in the product with a few easy steps.
h5. Steps
h6. Enable Mod Security
Because some of the traffic in GroundWork is of an administrative nature, {{mod_security}} is set to detection only mode when enabled. Detection only mode will only log traffic that matches rule violations. These violations could be evidence of an attack and should be sent to a log analysis tool for regular auditing and alerting. The rule violations are logged in the apache error log at {{/usr/local/groundwork/apache2/logs/error_log}}. To enable blocking, see section the below _Enable Application Protection_.
# To enable {{mod_security}}, modify {{/usr/local/groundwork/apache2/conf/extra/httpd-ssl.conf}}.
# Uncomment the following line:
{noformat}
Include httpd-security.conf
{noformat}
# Restart apache:
{noformat}
/etc/init.d/groundwork restart apache
{noformat}
h6. Enable Application Protection
Some environments have more strict requirements and need to have protection enabled. There is a risk that some features of the product or custom code will not work if protection mode is enabled. If you run into any problems you can open a support ticket and GroundWork Support will assist you.
# To set {{mod_security}} in Protection Mode, modify {{/usr/local/groundwork/apache2/conf/extra/httpd-security.conf}}.
# Comment out following line:
{noformat}#SecRule Engine DetectionOnly{noformat}
# Restart apache:
{noformat}
/etc/init.d/groundwork restart apache
{noformat}