ModSecurity 3
ModSecurity, commonly known as ModSec, is an open-source web application firewall (WAF) that provides robust HTTP request and response filtering capabilities. It supports platforms like Apache HTTP Server, Microsoft IIS, and Nginx, operating under the Apache License 2.0, which allows for free integration and modification.
ModSecurity 3 Rules
At the core of ModSecurity’s functionality is its rule configuration language, ‘SecRules.’ These rules enable real-time monitoring, logging, and filtering of HTTP communications based on user-defined criteria. While ModSecurity can be customized with bespoke rules, it is commonly deployed with the OWASP ModSecurity Core Rule Set (CRS). The CRS offers a comprehensive set of generic attack detection rules, providing protection against prevalent threats, including those listed in the OWASP Top Ten, with minimal false positives.
Generating ModSecurity 3 Rules from OpenAPI Specifications with OAShield
OpenAPI Specifications (OAS) serve as a standardized framework for defining RESTful APIs, detailing endpoints, request methods, parameters, and responses. Leveraging OAS to generate ModSecurity 3 rules enhances application security by ensuring that only valid API calls are permitted. This method involves creating rules that align with the API’s defined behavior, effectively blocking any undefined or potentially malicious operations.
OAShield is an open-source project that facilitates the conversion of OpenAPI 3.x specifications into ModSecurity rules. By utilizing OAShield, organizations can automate the creation of WAF configurations that strictly adhere to their API specifications, thereby enhancing security by disallowing any undefined operations.
Implementing ModSecurity 3 with OAShield-Generated Rules
Integrating ModSecurity 3 with rules generated from OpenAPI specifications using OAShield involves several steps:
- Define the OpenAPI Specification: Ensure the API is thoroughly documented using the OpenAPI framework, detailing all endpoints, methods, parameters, and expected responses.
- Generate ModSecurity Rules with OAShield: Use OAShield to transform the OpenAPI specification into ModSecurity 3 rules. This process creates a configuration that permits only the operations defined in the API specification.
- Deploy the Rules: Integrate the generated rules into the ModSecurity 3 configuration on the web server or WAF appliance protecting the application.
- Test and Monitor: Conduct thorough testing to verify that legitimate traffic is allowed and malicious or undefined requests are blocked. Continuous monitoring ensures the rules function as intended and provides insights for any necessary adjustments.
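As an added example (not OAShield's code, and not its output format), the following Python script shows the allowlist idea behind the steps above: it reads a constructed OpenAPI 3 document and emits ModSecurity 3 rules that let only the documented method and path combinations through, denying everything else in phase 1. The rule ID range, the SecMarker name and the 403 status are assumptions.

```python
"""Positive-security ModSecurity v3 rules from a minimal OpenAPI 3 document.
Added illustration of the allowlist idea, not OAShield's code or output format:
only documented method+path pairs pass; everything else is denied in phase 1."""
import re

# Constructed sample OpenAPI 3 document, already parsed into a dict (the shape a
# YAML/JSON loader returns). Only the fields the generator reads are present.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{userId}": {"get": {}, "delete": {}},
    },
}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def path_to_regex(path: str) -> str:
    """Anchored regex for an OpenAPI path template; a {param} matches exactly one
    path segment, so '/users/{userId}' does not cover '/users/1/extra'."""
    parts = re.split(r"\{[^/}]+\}", path)  # literal pieces around {params}
    return "^" + "[^/]+".join(re.escape(p) for p in parts) + "$"

def generate_rules(spec: dict, base_id: int = 100000) -> list[str]:
    """One chained allow rule per documented path, then a catch-all deny."""
    rules, rule_id = [], base_id
    for path, ops in spec["paths"].items():
        methods = "|".join(sorted(m.upper() for m in ops if m in HTTP_METHODS))
        # skipAfter on a chain starter fires only when the whole chain matches:
        # the path template AND one of the methods documented for it.
        rules.append(f'SecRule REQUEST_FILENAME "@rx {path_to_regex(path)}" \\\n'
                     f'    "id:{rule_id},phase:1,pass,nolog,chain,skipAfter:END_API_ALLOWLIST"\n'
                     f'    SecRule REQUEST_METHOD "@rx ^(?:{methods})$" "t:none"')
        rule_id += 1
    # Anything that reaches this point is not in the specification (deny only
    # takes effect with SecRuleEngine On; assumed id/status values).
    rules.append(f'SecRule REQUEST_METHOD "@unconditionalMatch" \\\n'
                 f'    "id:{rule_id},phase:1,deny,status:403,log,'
                 f"msg:'Request not defined in OpenAPI specification'\"")
    rules.append("SecMarker END_API_ALLOWLIST")
    return rules

def is_allowed(spec: dict, method: str, path: str) -> bool:
    """Python model of what the generated rules enforce, for offline checks."""
    return any(re.match(path_to_regex(t), path) and method.lower() in ops
               for t, ops in spec["paths"].items())

if __name__ == "__main__":
    print("\n".join(generate_rules(SAMPLE_SPEC)))
```

Running the script prints the rule set; `is_allowed` mirrors its decisions so the allowlist can be checked against sample requests before the rules reach a live WAF.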
By aligning ModSecurity 3 rules with OpenAPI specifications through OAShield, organizations can enforce strict API security policies, reducing the attack surface and enhancing the overall security posture of their web applications.