I'm developing a WAF with a good GUI and better logs. My base firewall is mod-security. It works well for HTTP, but I also want my WAF to work with HTTPS. Any suggestions?
- Have you deployed ModSecurity as a reverse proxy or as an Apache plugin? – Ali Ahmad Feb 08 '13 at 06:50
- @Ali, I deployed it as reverse proxy. – Daniel Exar Feb 08 '13 at 06:58
- Follow this link http://adolfomaltez.wordpress.com/2011/05/29/apache-reverse-proxy-modsecurity/ and read the ModSecurity Handbook. – Ali Ahmad Feb 08 '13 at 07:23
- Thank you, Ali sir. Your link is very helpful. I was searching for the ModSecurity Handbook but couldn't find a link to download it for free. – Daniel Exar Feb 08 '13 at 07:44
- You can read the book from https://www.feistyduck.com/books/modsecurity-handbook/modsecurity-handbook-getting-started-may-2012.pdf – Ali Ahmad Feb 08 '13 at 08:56
- Hi @DanielExar, welcome to [security.se]. When you get a chance, I recommend reading the [FAQ] and the [About page](http://security.stackexchange.com/about), if you haven't yet. Just to be clear, you are developing a UI for configuring mod-security, and not really developing a WAF yourself? What exactly is the problem you are having with HTTPS, is Apache not terminating the SSL connection before hitting mod-security? – AviD Feb 08 '13 at 09:53
- @AviD, thank you for welcoming me here. My problem is that I want my WAF to filter HTTPS traffic, because mod-security filters HTTP only by default. – Daniel Exar Feb 08 '13 at 10:16
1 Answer
Terminate your SSL sessions as the very first thing you do at your reverse proxy / load balancer. Then feed the terminated sessions through your WAF, then to your regular daemon. Basically, you need to add another reverse proxy to the chain.
Jeff Ferland
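The chain described in the answer above, as an added Apache 2.4 configuration example (not part of the original post and not the answerer's own configuration): one virtual host terminates TLS and forwards plain HTTP to the existing HTTP-only ModSecurity reverse proxy, which then forwards to the application. The hostname, addresses, ports and file paths are placeholder assumptions, and the modules listed in the first comment are assumed to be loaded.

```apache
# Constructed example: hostname, addresses, ports and paths are placeholders.
# Assumes mod_ssl, mod_proxy, mod_proxy_http, mod_headers, mod_remoteip
# and mod_security2 are loaded.

Listen 443
Listen 127.0.0.1:8080

# Hop 1: TLS terminator. Decrypts HTTPS and hands plain HTTP to the WAF hop.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    # Tell later hops that the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

# Hop 2: the existing HTTP-only ModSecurity reverse proxy.
# Bound to loopback because traffic on this hop is cleartext.
<VirtualHost 127.0.0.1:8080>
    ServerName www.example.com

    # Every request now arrives from 127.0.0.1; take the client address
    # from the X-Forwarded-For header that hop 1's mod_proxy adds.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 127.0.0.1

    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Hop 3: the regular application daemon (placeholder address).
    ProxyPreserveHost On
    ProxyPass        / http://192.0.2.10:8080/
    ProxyPassReverse / http://192.0.2.10:8080/
</VirtualHost>
```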