Updating ModSecurity when using OWASP rule sets


I am somewhat new to Modsecurity and still have a long way to go so bear with me. Ubuntu 18.04

I'm currently running Modsecurity 2.9.2-1 and OWASP rules 3.0.2

I would like to update the rules to what's currently available on github, which is 3.1.0.

I found that there is a binary in /usr/bin called mlogc so I'm wondering if that needs to also be updated or if I can simply replace the rules and all the other conf files etc and that will still work?

Or would I have to un install the entire mod security system and re-install?

For example…..
What if I just copied
OWASP ModSecurity Core Rule Set ver.3.2.0
right over the top of
OWASP ModSecurity Core Rule Set ver.3.0.2

and then copied all the rules for 3.1.0 (latest rule sets)


PS Is there an active forum where Modsecurity is discussed?

Best Answer

Since your ModSecurity is recent (>2.8), simply replacing the OWASP CRS rules with new ones is ok.

Github is the preferred way to download and install CRS.

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Related Topic