If you want to cite us, please use the following (BibTeX) reference:
- Compile and install ModSecurity v3.0.10
- Install pymodsecurity
- Clone the OWASP CoreRuleSet
- Run experiments
First of all, you will need to install ModSecurity v3.0.10 on your system. Currently, this is a tricky process, since you will need to build ModSecurity v3.0.10 from source (although some distros might have an updated registry with ModSecurity 3.0.10 already available).
In modsec-learn, ModSecurity methods are implemented via pymodsecurity.
Since development on the official repository stopped at ModSecurity v3.0.3, the current workaround is to clone this fork and build it from source.
To detect incoming payloads, you need a Rule Set. The de facto standard is the OWASP CoreRuleSet, but of course, you can choose any Rule Set you want, or customize the OWASP CRS.
To run the recommended settings, just clone the OWASP CRS in the project folder:
git clone --branch v4.0.0 git@github.com:coreruleset/coreruleset.git
All experiments can be executed using the Python scripts within the scripts folder. The scripts must be executed starting from the project's root.
python3 scripts/run_experiments.py