I just installed CWAF in a standalone mode on a apache server. When I started the apache with the cwaf.conf nothing happend. The modsec_audit.log file is empty or find any new messages. I tried to add some domains like:
sudo ./cwaf-cli.pl -de mydomain1.tld mydomain2.tld
sudo ./cwaf-cli.pl -de mydomain1.tld:80 mydomain2.tld:80
CWAF told me, that some domains where successfully added, but If I want to display my list of domains, the line remains empty.
Perhaps this is a problem of rights. Who is the owner of the conf files in the httpd directory? May I change the domains in 00_blank.conf manually? ?
After install in standalone mode you have to add reference to CWAF rules to Apache mod_security configuration.
Usually this file shipped with mod_security (
/etc/httpd/conf.d/mod_security.conf for CentOS,
/etc/apache2/mods-enabled/security2.conf for Debian etc etc)
Add line to this file to enable CWAF:
and reload Apache.
Update to latest rules version with:
After this steps CWAF will be enabled for your server.
Use <PATH_TO_CWAF>/scripts/cwaf-cli.pl to manage rules.
cwaf-cli -xa <RULE_ID1> <RULE_ID2> will disable protection provided by rules RULE_ID1, RULE_ID2 (in case of false positives for this rules)
cwaf-cli -xd - will re-enable protection
cwaf-cli -xl - will show currently disabled rules
cwaf-cli -dd - will disable completly protection for given domain (if required)
cwaf-cli -de - will enable protection for given domain
Please feel free to ask any questions you happen to have.
Best regards, Oleg