The release of the OWASP ModSecurity Core Rule Set 3.0 is drawing closer and closer. This made me think about a way to introduce new users to ModSecurity and the Core Rules. Despite online documentation, blog posts, Google, Stack Overflow and whatnot, there is no one-stop place to learn it all from A to Z.
We will release a series of at least a dozen tutorials on Apache and ModSecurity. The individual guides will fit together like building blocks, and combined they will teach you all you need to know to build a secure Apache web server or reverse proxy.
Of course, there is no need for yet another tutorial on how to compile Apache or the 272nd introduction to mod_ssl (actually Google gives me 127K hits for mod_ssl + tutorial). But we will start with these basics nevertheless, because we have big plans and the foundation needs to be rock solid.
So today, netnea releases the following tutorials:
- Tutorial 1: Compiling Apache
- Tutorial 2: Configuring a Minimal Apache Web Server
- Tutorial 3: Configuring an Apache/PHP Application Server
- Tutorial 4: Enabling Encryption with SSL/TLS (leveraging Let’s Encrypt)
Near the end of the week, we’ll add an extended Apache access log and then continue with ModSecurity next week.
The idea is to be ready with the tutorial on the effective handling of ModSecurity False Positives the moment the Core Rules 3.0 come out (think end of October). And unlike the mod_ssl tutorial, you won’t find anything online that gives you complete coverage of the tuning problem and its solution like this guide will.
Tutorials on Reverse Proxies, logfile visualisation and complete dumps of encrypted traffic will follow suit.
You should thus take a look at the four tutorials listed above: the upcoming ones will build upon this foundation, and if you get started now, you will be ready the moment the OWASP ModSecurity Core Rules 3.0 come out.
If you want to make sure you do not miss that one, it’s probably best if you follow me on Twitter (@ChrFolini) to get the info when a new tutorial appears here on netnea’s site.