0

I want to use Mod Security in transparent mode. The Mod Security web application firewall (WAF) should sit between the server and the client, and the client is provided with only the server's IP address to access the site. The client should not be aware of the presence of Mod Security, since it is provided with the server's IP address, unlike in reverse proxy mode. Is it possible to use Mod Security as described above?

I want to deploy Mod Security as a transparent proxy (layer 7).

masegaloeh

1 Answer

0

My first question would be why?

If mod_security is on the actual server it will be transparent.

If mod security is on a gateway then the client will only ever see the gateway server address. Just use X-Forwarded-For to see the client IP in the server logs.

It may be possible to use TPROXY in the Linux kernel in a two-subnet configuration where the server's default gateway is translated through the mod sec box (servers would NOT be able to have a public IP address).

But I'm not sure if Apache/mod_sec even supports TPROXY; it needs code specifically to support it (like in HAProxy).
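
The gateway arrangement mentioned in the answer, sketched as an added Apache 2.4 configuration example (not part of the original answer). The host name, the addresses 10.0.0.10 (gateway, internal side) and 10.0.0.20 (backend), the log format name and the log path are constructed placeholders, and the modules named in the comments are assumed to be loaded.

```apache
# --- Gateway (ModSecurity box), internal address 10.0.0.10 (constructed) ---
# Assumes mod_security2, mod_proxy and mod_proxy_http are loaded.
<VirtualHost *:80>
    ServerName www.example.com

    # Inspect requests before they are proxied to the backend.
    SecRuleEngine On

    # mod_proxy_http appends the client address to X-Forwarded-For
    # on each proxied request (ProxyAddHeaders defaults to On).
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.20/
    ProxyPassReverse / http://10.0.0.20/
</VirtualHost>

# --- Backend web server, address 10.0.0.20 (constructed), separate host ---
# Assumes mod_remoteip is loaded.
<VirtualHost *:80>
    ServerName www.example.com

    # Honour X-Forwarded-For only when the TCP peer is the gateway.
    # From any other peer the header is client-supplied and is ignored.
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 10.0.0.10

    # %a     = client IP as resolved by mod_remoteip
    # %{c}a  = actual TCP peer (should always be the gateway)
    LogFormat "%a (via %{c}a) %l %u %t \"%r\" %>s %b" waf_combined
    CustomLog logs/access_log waf_combined
</VirtualHost>
```

Logging both `%a` and `%{c}a` makes it visible when a request reached the backend without passing through the gateway, since the peer address will not be 10.0.0.10.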