
I have installed Apache 2.4.7 with a Drupal HTTPS site using a Let's Encrypt cert. Mod_security is successfully installed, but is it able to defend against attacks, since the site is HTTPS?

I tried testing it for the simple SQLi, but it didn't trigger any events.

Anders
Guesttt
  • Configure the ModSecurity box as a reverse proxy, terminate the HTTPS connections on this box and then ModSecurity will be able to inspect. Once the traffic is inspected, you can forward it to the appropriate back-end server. – void_in Mar 01 '17 at 15:08
  • @void_in: you should add this as an answer - it is the correct approach – Mike Goodwin Mar 01 '17 at 16:08

1 Answer


Configure the ModSecurity box as a reverse proxy, terminate the HTTPS connections on this box and then ModSecurity will be able to inspect. Once the traffic is inspected, you can forward it to the appropriate back-end server. You can follow the guide Setting up a reverse proxy server. The site has some other excellent ModSecurity resources as well, written by Christian Folini, who is the ModSecurity developer and current lead.

void_in
  • Is there a possibility to install everything on one box (Apache reverse proxy with TLS, mod_sec and website)? – Guesttt Mar 08 '17 at 12:07
  • If there is only a single site you want to defend, there is no need to install the reverse proxy module of Apache. Install ModSecurity on the same server which is hosting the website. Since connections will already be terminated at the server's end, ModSecurity will be able to examine the HTTP request/response and take appropriate actions. – void_in Mar 08 '17 at 14:05
  • Ok, but it is the same question as the first one. So if I understood correctly, if installed on the same server (LAMP + mod_ssl + mod_sec + Drupal website), mod_ssl first decrypts the traffic and then mod_security analyzes that traffic? Meaning, no need for the reverse proxy? – Guesttt Mar 09 '17 at 14:59
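
The single-server setup discussed in the comments above, as an added example that is not part of the original posts: one Apache 2.4.7 virtual host where mod_ssl terminates TLS and mod_security2 inspects the decrypted request, with a harmless canary rule to confirm that inspection works over HTTPS. The hostname, file paths (Debian/Ubuntu-style log location, standard Let's Encrypt layout) and rule ids are assumptions.

```apache
# Constructed example: hostname, paths and rule ids are placeholders.
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/drupal

    # mod_ssl terminates TLS here; later modules see the decrypted request.
    SSLEngine on
    # Apache 2.4.7 predates 2.4.8, so the chain goes in its own directive.
    SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    <IfModule security2_module>
        # "DetectionOnly" logs matches but never blocks; "On" enforces.
        SecRuleEngine On
        # Needed for rules to inspect POST bodies (form submissions).
        SecRequestBodyAccess On

        # Record only transactions that matched a rule.
        SecAuditEngine RelevantOnly
        SecAuditLog /var/log/apache2/modsec_audit.log

        # Canary rule: https://example.com/?modsec_test=1 should return 403
        # and produce an audit log entry if inspection works over HTTPS.
        SecRule ARGS:modsec_test "@streq 1" \
            "id:100001,phase:2,deny,status:403,log,msg:'ModSecurity canary over HTTPS'"

        # Minimal SQLi check via libinjection; the OWASP Core Rule Set
        # provides much broader coverage and must be loaded separately.
        SecRule ARGS "@detectSQLi" \
            "id:100002,phase:2,deny,status:403,log,msg:'SQLi detected in request argument'"
    </IfModule>
</VirtualHost>
```

If the canary request is not blocked, check that the module is loaded, that `SecRuleEngine` is not left at `DetectionOnly`, and that the rules are included in the port 443 virtual host rather than only the port 80 one.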