Remote Rule Installation
Requirements:
Apache/IIS mod_security 2.9.5 or higher
Nginx Libmodsecurity 3.0.6 or higher
This method simplifies the WAF configuration by loading all the rule policies over a network connection. By default, the base policy includes the anti-evasion, strict content checking, denial of service, anti-malware, general attack, brute force detection, XSS, rootkit, DLP, and JITP rule classes.
Additional Rule Classes
antispam - Anti-spam rule policy, covering UCE, Gambling, Search Engine spoofing, etc.
proxy - Open Proxy blocking
recon - reconnaissance detection
redactor - Malicious content redactor
search - Search Engine automatic accesslisting
Apache
Step 1) Edit or create the ModSecurity configuration file:
RHEL/Rocky/Centos
/etc/httpd/modsecurity.d/tortix_waf.conf
Ubuntu/Debian
/etc/modsecurity/tortix_waf.conf
Step 2) Add the following to your mod_security tortix_waf.conf file, replacing <API Key> with the value in your license signup email:
SecRemoteRulesFailAction Warn
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php
Step 3) (Optional) Additional rule classes can be specified as follows
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php?antispam,recons
Nginx
Step 1) Configure nginx to load the modsecurity module in /etc/nginx/nginx.conf
load_module modules/ngx_http_modsecurity_module.so;
Step 2) Add the base ModSecurity configuration to nginx at /etc/nginx/conf.d/00_modsecurity.conf
modsecurity on;
modsecurity_rules_file /etc/httpd/modsecurity.d/tortix_waf.conf;
Step 3) Add the following to your mod_security tortix_waf.conf file, replacing <API Key> with the value in your license signup email:
SecRemoteRulesFailAction Warn
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php
Step 4) (Optional) Additional rule classes can be specified as follows
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php?antispam,recons
IIS
Step 1) Add the following to your mod_security configuration C:\Program Files\Modsecurity IIS\modsecurity.conf, replacing <API Key> with the value in your license signup email:
SecRemoteRulesFailAction Warn
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php
Step 2) (Optional) Additional rule classes can be specified as follows
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php?antispam,recons
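Checking the result: the script below is an added example, not Atomicorp or ModSecurity code. It audits a configuration for the SecRemoteRules lines shown in the steps above and reports an unreplaced <API Key> placeholder, a non-HTTPS rules URL, and the fail-open behaviour of SecRemoteRulesFailAction Warn. The function name, the sample configuration and PLACEHOLDER_KEY are constructed for illustration; it assumes a fail action applies to the SecRemoteRules lines that follow it in the file.

```python
from urllib.parse import urlsplit

# Constructed sample; PLACEHOLDER_KEY stands in for a real API key.
SAMPLE_CONF = """\
SecRemoteRulesFailAction Warn
SecRemoteRules PLACEHOLDER_KEY https://waf.atomicorp.com/rules/srr.php?antispam,recons
"""

def audit_remote_rules(conf_text):
    """Return (entries, findings) for every SecRemoteRules line in conf_text."""
    fail_action = "Abort"  # ModSecurity's default when the directive is absent
    entries, findings = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "secremoterulesfailaction" and len(parts) == 2:
            # Assumption: the action applies to SecRemoteRules lines below it.
            fail_action = parts[1].capitalize()
        elif name == "secremoterules":
            if len(parts) < 3:
                findings.append(f"line {lineno}: expected a key and a URL")
                continue
            key, url = " ".join(parts[1:-1]), urlsplit(parts[-1])
            if "<" in key or ">" in key:
                findings.append(f"line {lineno}: API key placeholder not replaced")
            if url.scheme != "https":
                findings.append(f"line {lineno}: rules URL is not HTTPS")
            if fail_action == "Warn":
                findings.append(f"line {lineno}: FailAction Warn, a failed download "
                                "is only logged and the remote rules are not loaded")
            # The key is deliberately left out of the report.
            entries.append({"line": lineno, "host": url.hostname,
                            "classes": [c for c in url.query.split(",") if c],
                            "fail_action": fail_action})
    return entries, findings

if __name__ == "__main__":
    entries, findings = audit_remote_rules(SAMPLE_CONF)
    for e in entries:
        print(e)
    for f in findings:
        print("FINDING:", f)
```

Because the configuration file holds the API key, restrict read access to it to the web server's administrative account.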