Hi, I can't help you a lot, in fact the only thing I can do is recommend you this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu. It works for me.
Cheers, Krzysztof Kokot 20 mar 2017 19:53 "lann...@runbox.com" <lann...@runbox.com> napisaĆ(a): Hi, I have spent about 2 days trying to understand how to setup mod-security on my web server. I choose to rely on packages in the official repo, so if possible I will not compile packages. Is correct to say that I can't have mod-security in nginx? Is mod-security only available in apache2? Then I'm looking for some instruction about installing. There are a lot of outdated material and is difficult to learn the right stuff. Here is what I have typed: apt-get install libcurl3-gnutls liblua5.1-0 libxml2 apt-get install libapache2-mod-security2 apt-get install modsecuriy-crs sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf sudo nano /etc/modsecurity/modsecurity.conf I have turned on the option SecRuleEngine git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git Now... my questions are: 1) Where I have to put the rules 2) Which other config files I have to edit 3) How I enable modsecurity on my website 4) Do you have sample config file to share? Thanks a lot for your help. Anders. LA.
