NOTE: This post has been updated to include the requirement of mod_unique_id.
As part of some investigations at work I have been playing around with ModSecurity, the open source web application firewall (WAF), and the standard set of rules provided by OWASP. All our infrastructure is hosted with Amazon AWS so I thought that it would be useful to drop down the steps I took to get this working on a bare bones Amazon Linux box.
Install ModSecurity
You can, of course, compile ModSecurity from the sources but it is easier to install via yum, however, it is part … Read the rest