Varnish WAF is currently available on RedHat Enterprise Linux 7 and CentOS 7. Access to Varnish Plus is required. Please get in touch via firstname.lastname@example.org for more information on Varnish Plus.
Varnish WAF is available through the
sudo yum update sudo yum install varnish-plus varnish-plus-waf
Varnish will need read and write access to all things ModSecurity and CRS related.
/etc/varnish/modsec, can be created with varnish as the owner.
Similarly any files that are used in Varnish WAF will need the same access level.
There are three main files that need to be created: the audit log,
the debug log and the main WAF configuration file.
sudo mkdir /etc/varnish/modsec sudo chown varnish /etc/varnish/modsec sudo -u varnish touch /etc/varnish/modsec/audit.log sudo -u varnish touch /etc/varnish/modsec/debug.log sudo -u varnish touch /etc/varnish/modsec/waf.conf
Now that the minimum set of needed files are created, the CRS and related files can be installed.
The below instructions will install the set of rules, the CRS configuration
file and the ModSecurity configuration file.
It should be noted that the below instructions will make copies of some files.
This is best practice to have a baseline to go back to if needed.
The three files that are copied are:
These configuration files are used to update the settings for the CRS and ModSecurity,
and set up a list of rules to exclude from the CRS (to avoid false positives).
# download CRS v3.0.2.tar.gz and name it owasp-crs sudo -u varnish wget git.io/fp2jq -O /etc/varnish/modsec/owasp.tar.gz sudo -u varnish tar -xzf /etc/varnish/modsec/owasp.tar.gz sudo mv /etc/varnish/modsec/owasp-modsecurity-crs-3.0.2 \ /etc/varnish/modsec/owasp-crs # stash copy of original crs-setup.conf for editing sudo cp /etc/varnish/modsec/owasp-crs/crs-setup.conf.example \ /etc/varnish/modsec/owasp-crs/crs-setup.conf # stash copy of original exclusions example for editing sudo cp /etc/varnish/modsec/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \ /etc/varnish/modsec/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf # download ModSecurity configuration file sudo -u varnish wget git.io/fp2pI -O \ /etc/varnish/modsec/modsecurity.conf.example # stash copy of original modsecurity.conf for editing sudo cp /etc/varnish/modsec/modsecurity.conf.example \ /etc/varnish/modsec/modsecurity.conf