This repository is for learning web security with ModSecurity, a web application firewall (WAF).
It runs ModSecurity in front of an intentionally insecure application (WebGoat).
You can therefore practise protecting against vulnerabilities by writing ModSecurity rules.
Run the containers with the command below.
docker compose up -d --build
After the containers are running, restart the nginx server (which includes ModSecurity) so that it integrates with WebGoat.
Enter the nginx container and restart the server with the following commands.
docker exec -it modsec bash
/etc/init.d/nginx restart
You can then access WebGoat at the URL below (wait about 30 seconds after running the commands above).
http://localhost/WebGoat
To change the ModSecurity rules, edit ./conf.d/ruleset.conf, then restart the nginx server as explained above.
After logging in to WebGoat, enter 'or 1=1
as a SQL injection payload, as shown in the image below.
At this point ModSecurity may not recognize the attack.
Then uncomment the two directives below in ./conf.d/main.conf to enable them.
modsecurity on;
modsecurity_rules_file /etc/nginx/modsecurity/main.conf;
After restarting nginx, retry 'or 1=1
and ModSecurity now recognizes and blocks the attack.
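As an added example (not part of the original repository), here is a rule you could put in ./conf.d/ruleset.conf to detect and block the tautology payload used above. It assumes that /etc/nginx/modsecurity/main.conf includes ruleset.conf and that the rule id 100001 is not already taken by another rule.

```apache
# Added example for ./conf.d/ruleset.conf (not from the original project).
# Assumption: /etc/nginx/modsecurity/main.conf includes this file.
# These two directives may already be set in main.conf; repeating them is harmless.
SecRuleEngine On
SecRequestBodyAccess On

# Detect the classic SQL injection tautology from the WebGoat lesson: a quote
# followed by OR and an always-true numeric comparison such as 1=1.
# Every request parameter (query string and body) is inspected after URL
# decoding, lowercasing and whitespace compression, so "'or 1=1", "' OR 1=1"
# and "%27+or+1%3D1" all match. Rule id 100001 is an assumed free id.
SecRule ARGS "@rx ['\"]\s*or\s+\d+\s*=\s*\d+" \
    "id:100001,\
    phase:2,\
    t:none,t:urlDecodeUni,t:lowercase,t:compressWhitespace,\
    deny,\
    status:403,\
    log,\
    msg:'SQL injection tautology detected in request parameter',\
    logdata:'Matched %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
    tag:'webgoat-lab/sqli'"
```

After restarting nginx, the blocked request returns HTTP 403 and the match, including the parameter name and value, is written to the ModSecurity audit log configured in main.conf.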