Useful ModSecurity Rules & Rules Sets

Rule Sets

To get effective security from ModSecurity you need rules, and I strongly recommend using the core rule set, though I do need to mention that I wrote it.

• The Core Rule Set - the standard bundled with ModSecurity. Breach Security also sells a commercial Enhanced Rule Set as part of their ModSecurity support services.
• The GotRoot rule set - The only alternative complete rule set. Free version is delayed by 30 days after the release of the commercial rules.

Additional Rules

The rule sets above are not all encompassing. Most importantly, both aim at being plug and play so anything more complex that requires configuration is not included. The rules below are useful additions to the rule sets.

• Fixing HTTPOnly and Secure Cookie flags, Ryan Barnett
• PHP session tracking, Christian Bockermann
• XML inspection, Ryan Barnett (read also the attached file!)
• RFI detection based on question without parameters, Victor Julien
• Session-based Reverse-Proxy, Christian Bockermann
• Enabling ModSecuriyt to work with end to end compressions, Klaubert