Skip to content

Commit

Permalink
fix: update prefix directory
Browse files Browse the repository at this point in the history
Signed-off-by: Felipe Zipitria <[email protected]>
  • Loading branch information
fzipi committed Feb 14, 2024
1 parent 6c20e04 commit 45a028f
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 6 deletions.
1 change: 1 addition & 0 deletions config/_default/config.toml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ home = [ "HTML", "RSS", "JSON"]
# CRS related parameters
crs_latest_release = "3.3.4"
crs_dev_branch = "v4.0/dev"
crs_install_dir = "/etc/crs4"

[[menu.shortcuts]]
name = "<i class='fas fa-bookmark'></i> Core Rule Set Home"
Expand Down
17 changes: 11 additions & 6 deletions content/deployment/quick_start.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,10 +78,12 @@ The examples presented below demonstrate using Apache. For information on config
Note that while it's common practice to make a new `modsecurity.d` folder, as outlined below, this isn't strictly necessary. The path scheme outlined is common on RHEL-based operating systems; the Apache path used may need to be adjusted to match the server's installation.

```bash
mkdir /etc/httpd/modsecurity.d
tar -zxvf v{{< param crs_latest_release >}}.tar.gz -C /etc/httpd/modsecurity.d/crs
mkdir {{< param crs_install_dir >}}
tar -xzvf v{{< param crs_latest_release >}}.tar.gz --strip-components 1 -C {{< param crs_install_dir >}}
```

Now all the CRS files will be located below the `{{< param crs_install_dir >}}` directory.

### Setting Up the Main Configuration File

After extracting the rule set files, the next step is to set up the main OWASP Core Rule Set configuration file. An example configuration file is provided as part of the release package, located in the main directory: `crs-setup.conf.example`.
Expand All @@ -95,7 +97,7 @@ In many scenarios, the default example CRS configuration will be a good enough s
Once any settings have been changed within the example configuration file, as needed, it should be renamed to remove the .example portion, like so:

```bash
cd /etc/httpd/modsecurity.d/crs/
cd {{< param crs_install_dir >}}
mv crs-setup.conf.example crs-setup.conf
```

Expand All @@ -104,11 +106,14 @@ mv crs-setup.conf.example crs-setup.conf
The last step is to tell the web server where the rules are. This is achieved by `include`-ing the rule configuration files in the `httpd.conf` file. Again, this example demonstrates using Apache, but the process is similar on other systems (see the [extended install]({{< ref "install.md" >}}) page for details).

```bash
echo 'IncludeOptional /etc/httpd/crs/crs-setup.conf' >> /etc/httpd/conf/httpd.conf
echo 'IncludeOptional /etc/httpd/crs/rules/*.conf' >> /etc/httpd/conf/httpd.conf
echo 'IncludeOptional {{< param crs_install_dir >}}/crs-setup.conf' >> /etc/httpd/conf/httpd.conf
echo 'IncludeOptional {{< param crs_install_dir >}}/plugins/*-config.conf' >> /etc/httpd/conf/httpd.conf
echo 'IncludeOptional {{< param crs_install_dir >}}/plugins/*-before.conf' >> /etc/httpd/conf/httpd.conf
echo 'IncludeOptional {{< param crs_install_dir >}}/rules/*.conf' >> /etc/httpd/conf/httpd.conf
echo 'IncludeOptional {{< param crs_install_dir >}}/plugins/*-after.conf' >> /etc/httpd/conf/httpd.conf
```

Now that everything has been configured, it should be possible to restart and being using the OWASP Core Rule Set. The CRS rules typically require a bit of tuning with rule exclusions, depending on the site and web applications in question. For more information on tuning, see [false positives and tuning]({{< ref "false_positives_tuning.md" >}}).
Now that everything has been configured, it should be possible to restart and being using the OWASP CRS. The CRS rules typically require a bit of tuning with rule exclusions, depending on the site and web applications in question. For more information on tuning, see [false positives and tuning]({{< ref "false_positives_tuning.md" >}}).

```bash
systemctl restart httpd.service
Expand Down

0 comments on commit 45a028f

Please sign in to comment.