Varnish WAF


Varnish WAF is available through the varnish-plus-waf package.

RedHat Enterprise Linux Installation

sudo yum update
sudo yum install varnish-plus varnish-plus-waf

Debian / Ubuntu Installation

sudo apt update
sudo apt install varnish-plus varnish-plus-waf

(Optional) Installing the OWASP CRS

The CRS is a set of generic attack detection rules for use with ModSecurity. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top 10. A convenience script to download the CRS is provided in this package. Users are responsible for managing the ruleset. The CRS can be downloaded to /etc/varnish/modsec/owasp-crs-{VERSION_NUMBER} by running:

sudo get_owasp_crs

See get_owasp_crs -h for more information and configuration options.

Optionally, the CRS can be downloaded from the official OWASP CRS github here.