Remote Rule Installation

Requirements:

  • Apache/IIS mod_security 2.9.5 or higher

  • Nginx Libmodsecurity 3.0.6 or higher

This method simplifies the WAF configuration by loading all the rule policies over a network connection. By default, the base policy includes the anti-evasion, strict content checking, denial of service, anti-malware, general attack, brute force detection, XSS, rootkit, DLP, and JITP rule classes.

Additional Rule Classes

  • antispam - Anti-spam rule policy, covering UCE, Gambling, Search Engine spoofing, etc.

  • proxy - Open Proxy blocking

  • recon - reconnaissance detection

  • redactor - Malicious content redactor

  • search - Search Engine automatic accesslisting

Apache

Step 1) Edit or create the ModSecurity configuration file:

RHEL/Rocky/CentOS

/etc/httpd/modsecurity.d/tortix_waf.conf

Ubuntu/Debian

/etc/modsecurity/tortix_waf.conf

Step 2) Add the following to your mod_security tortix_waf.conf file, replacing <API Key> with the value in your license signup email:

SecRemoteRulesFailAction Warn
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php

Step 3) (Optional) Additional rule classes can be specified as follows:

SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php?antispam,recons

Nginx

Step 1) Configure nginx to load the modsecurity module in /etc/nginx/nginx.conf

load_module modules/ngx_http_modsecurity_module.so;

Step 2) Add the base ModSecurity configuration to nginx at /etc/nginx/conf.d/00_modsecurity.conf

modsecurity on;
modsecurity_rules_file /etc/httpd/modsecurity.d/tortix_waf.conf;

Step 3) Add the following to your mod_security tortix_waf.conf file, replacing <API Key> with the value in your license signup email:

SecRemoteRulesFailAction Warn
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php

Step 4) (Optional) Additional rule classes can be specified as follows:

SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php?antispam,recons

IIS

Step 1) Add the following to your mod_security configuration C:\Program Files\Modsecurity IIS\modsecurity.conf, replacing <API Key> with the value in your license signup email:

SecRemoteRulesFailAction Warn
SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php

Step 2) (Optional) Additional rule classes can be specified as follows:

SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php?antispam,recons
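
Post-install check (an added example, not part of the Atomicorp documentation or tooling): the script below audits a tortix_waf.conf or modsecurity.conf written with the steps above. It flags a placeholder key left in place, a non-HTTPS rule URL, a key file readable by other users, and the Warn fail action, under which ModSecurity logs a failed rule download and keeps serving without the remote rules. The function names, finding codes and sample text are constructed for this example.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlsplit

REMOTE = re.compile(r"^\s*SecRemoteRules\s+(.+?)\s+(\S+)\s*$", re.I)
FAIL_ACTION = re.compile(r"^\s*SecRemoteRulesFailAction\s+(\S+)", re.I)

def audit_remote_rules(path):
    """Return a sorted list of finding codes for one ModSecurity config file."""
    findings = set()
    fail_action, remotes = None, []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            if line.lstrip().startswith("#"):
                continue  # ignore commented-out directives
            if m := FAIL_ACTION.match(line):
                fail_action = m.group(1).lower()
            elif m := REMOTE.match(line):
                remotes.append((m.group(1), m.group(2)))  # (key, url)
    if not remotes:
        findings.add("NO_REMOTE_RULES")
    for key, url in remotes:
        if "<" in key or ">" in key:
            findings.add("PLACEHOLDER_KEY")  # "<API Key>" was never replaced
        if urlsplit(url).scheme.lower() != "https":
            findings.add("NOT_HTTPS")  # remote rules must be fetched over HTTPS
    if fail_action == "warn":
        # Download errors are only logged; the server runs without remote rules.
        findings.add("FAIL_OPEN_ON_DOWNLOAD_ERROR")
    elif fail_action not in (None, "abort"):
        findings.add("BAD_FAIL_ACTION")
    # The file holds the API key: on POSIX it should not be readable by "other".
    if remotes and os.name == "posix" and os.stat(path).st_mode & stat.S_IROTH:
        findings.add("KEY_FILE_WORLD_READABLE")
    return sorted(findings)

def write_sample(text, mode):
    """Write constructed sample config text to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed sample: placeholder key left in place, file mode 0644.
    sample = ("SecRemoteRulesFailAction Warn\n"
              "SecRemoteRules <API Key> https://waf.atomicorp.com/rules/srr.php\n")
    print(audit_remote_rules(write_sample(sample, 0o644)))
```

If you keep SecRemoteRulesFailAction Warn as shown in the steps, treat FAIL_OPEN_ON_DOWNLOAD_ERROR as a reminder to alert on the corresponding warning in the web server error log.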